diff --git a/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml b/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml
index 52d87c25f..5bd99bceb 100644
--- a/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml
+++ b/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml
@@ -1,3 +1,12 @@
+################################
+#
+# This keeps the certificate secret fresh because the secret is mounted from the keyVault (via the SecretProviderClass) and
+# it's if the certificate changes in the keyvault this will trigger the refreshing of the kubernetes secret.
+#
+# Note: the istio plugin doesn't support using the SecretProviderClass directly. When it does this can be removed.
+#
+################################
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml b/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml
index 883f4be21..07aadd2b9 100644
--- a/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml
+++ b/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml
@@ -1,3 +1,10 @@
+################################
+#
+# The addition of the secretObjects is to facilitate the istio plugin as it can't yet consume the SecretProviderClass directly.
+# When it does this can be simplified and the secret.refresher removed.
+#
+################################
+
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
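Review bot: The first sentence of the new header in frontend.secret-refresher.yaml does not parse ("and it's if the certificate changes in the keyvault…"), so the reason this Deployment exists is hard to recover from the comment. Suggested wording: `# Keeps the Kubernetes certificate secret fresh: this Deployment mounts the SecretProviderClass volume, so a certificate` / `# change in the Key Vault is synced into the Kubernetes secret.` The refresh presumably also depends on secret rotation being enabled on the CSI driver, which is not visible here; if so, the comment should say it, because with rotation off an expired certificate would keep being served. The Deployment body continues outside the hunk.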
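Review bot: The header added to frontend.secretproviderclass.yaml explains why secretObjects exists but not what it costs: the Key Vault certificate is copied into an ordinary Kubernetes Secret, so it is presumably readable by any principal with read access to secrets in that namespace. A line such as `# Note: secretObjects copies the Key Vault certificate into a Kubernetes Secret; keep RBAC on secrets in this namespace tight.` would record that for whoever maintains or later removes the workaround. The comment also refers to "the secret.refresher" while the template is named frontend.secret-refresher.yaml; using the file name makes the cross-reference searchable. The secretObjects section itself is outside the hunk.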