Have successfully implemented Vault with Kubernetes and applications running in K8s are getting their environment variables from Hashicorp vault. Everything is great! But, want to take a step forward and want to restart the pod whenever a change is made to the secret in the Vault, as of now, we have to restart the pod manually to reset environment variables whenever we make changes to Vault secret. How this can be achieved? Have heard about confd but not sure how it can be implemented!
Finally, just out of curiosity, came up with an idea to build an Operator to watch Vault for any change in a specific Secret Engine and restart pods of respective Deployment defined in a Custom Resource. Here is the medium blog on it with the code base - https://medium.com/@ashitacharya1/the-auto-rollout-of-kubernetes-pods-upon-change-of-hashicorp-vault-secrets-kopf-operator-670aa670def0 Might come helpful for a few.