From 6d7001958ca2139374fd3d347c0908f6aa309dbe Mon Sep 17 00:00:00 2001
From: Maitiu O Ciarain
Date: Tue, 17 Dec 2024 12:44:03 +0000
Subject: [PATCH] Add some context for the secret refresher

---
 .../frontend/templates/frontend.secret-refresher.yaml | 9 +++++++++
 .../frontend/templates/frontend.secretproviderclass.yaml | 7 +++++++
 2 files changed, 16 insertions(+)

diff --git a/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml b/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml
index 52d87c25f..001fb92eb 100644
--- a/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml
+++ b/frontend/deploy/helm/frontend/templates/frontend.secret-refresher.yaml
@@ -1,3 +1,12 @@
+################################
+#
+# This keeps the certificate secret fresh because the secret is mounted from the keyVault (via the SecretProviderClass) and
+# it's if the certificate changes in the keyvault this will trigger the refreshing of the kubernetes secret.
+#
+# Note: the istio plugin doesn't support using the SecretProviderClass directly. When it does this can be removed.
+#
+################################
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml b/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml
index 883f4be21..b84bfd751 100644
--- a/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml
+++ b/frontend/deploy/helm/frontend/templates/frontend.secretproviderclass.yaml
@@ -1,3 +1,10 @@
+################################
+#
+# The addition of the secretObjects is to facilitate the istio plugin as it can't yet consume the SecretProviderClass directly.
+# When it does this can be simplified and the secret.refresher removed.
+#
+################################
+
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
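Review bot: The second line of the new header in frontend.secret-refresher.yaml, `# it's if the certificate changes in the keyvault this will trigger the refreshing of the kubernetes secret.`, is garbled and leaves the mechanism unclear. A clearer form would be `# so when the certificate changes in the Key Vault, the Kubernetes secret is refreshed as well.`, following directly from the previous line. The comment should also say that the refresh depends on secret rotation being enabled in the Secrets Store CSI driver; that setting is not visible in this hunk, and without it the synced secret would presumably keep the value from when the pod started. The Deployment body continues outside the hunk.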
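Review bot: The header added to frontend.secretproviderclass.yaml says when the workaround can go, but not what it costs while it is in place. With secretObjects the certificate is copied into an ordinary Kubernetes Secret, so anything allowed to read Secrets in the namespace can read it through the API, not only pods that mount the CSI volume. One more comment line would cover it, e.g. `# The synced Secret holds the certificate material; keep read access to Secrets in this namespace restricted.` The secretObjects block itself is outside the hunk, so which keys it syncs cannot be confirmed from here.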