Add some context for the secret refresher

Azure · Dec 17, 2024 · 6d70019 · 6d70019
1 parent 76a8903
commit 6d70019
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml b/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml
@@ -1,3 +1,12 @@
+################################
+#
+# This keeps the certificate secret fresh because the secret is mounted from the keyVault (via the SecretProviderClass) and
+# it's if the certificate changes in the keyvault this will trigger the refreshing of the kubernetes secret.
+#
+# Note: the istio plugin doesn't support using the SecretProviderClass directly. When it does this can be removed.
+# 
+################################
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml b/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml
@@ -1,3 +1,10 @@
+################################
+#
+# The addition of the secretObjects is to facilitate the istio plugin as it can't yet consume  the SecretProviderClass directly. 
+# When it does this can be simplified and the secret.refresher removed.
+# 
+################################
+
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata: