Watch for certificates in subdirectories for path specified in "watchDirectories" attribute. #107
porwalameet started this conversation in Ideas
Hi All,
Thanks for this wonderful project which helps us monitor certificates on Kubernetes Cluster.
We are using daemonset mode with the "watchDirectories" setting. This addresses most of our use cases; however, at times we have certificates mounted onto the pod filesystem directly using CSI volumes or configMaps.
Example:
A certificate is stored in Hashicorp Vault or Azure KeyVault, and using CSI, we can pull these certificates and mount directly on pods.
Here no Kubernetes Secret is created, and we wish to monitor these certificates as well.
However, the files reside on the respective node's filesystem where the pod runs, in /var/lib/kubelet/pods/<pod-uid>/volumes/<volume-type>. The pod UID is a unique, dynamic UID assigned to a running pod that remains for the pod's lifetime. On the host node, it looks something like below:
So, to address this we can specify watchDirectories as /var/lib/kubelet/pods/*/volumes or just /var/lib/kubelet/pods/, which scans all pod directories, appends the scanned files to the existing list, and follows the basic flow of parsing certificates. As the watchDirectories configuration monitors only files within the specified path, is there any work going on to address recursive parsing in subdirectories?
Thanks.
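The behaviour asked for above (expanding a wildcard watchDirectories entry and then descending into every subdirectory to parse certificates) sketched as a stand-alone Go program. This is an added example and not code from the project being discussed; the function names, the constructed temp-directory layout and the self-signed test certificate are all assumptions made here. One caveat a recursive scan on a kubelet tree has to handle: configMap and Secret volumes are written through a ..data symlink into a timestamped directory, so the same certificate is reachable by two paths and must be de-duplicated by resolved path, otherwise every such certificate is reported twice.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"io/fs"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// CertInfo is what a recursive watcher would report for each certificate it finds.
type CertInfo struct {
	Path     string
	Subject  string
	NotAfter time.Time
}

// ExpandWatchDirs resolves glob patterns such as "/var/lib/kubelet/pods/*/volumes" into the
// directories present at scan time; pod UIDs come and go, so this runs on every scan, not once.
func ExpandWatchDirs(patterns []string) ([]string, error) {
	var dirs []string
	for _, p := range patterns {
		matches, err := filepath.Glob(p)
		if err != nil {
			return nil, fmt.Errorf("bad pattern %q: %w", p, err)
		}
		dirs = append(dirs, matches...)
	}
	return dirs, nil
}

// ScanCertificates walks root recursively and parses every PEM "CERTIFICATE" block it finds.
// Non-certificate files (keys, config, binaries) are skipped. Files are de-duplicated by their
// resolved path because the kubelet's ..data symlink exposes one file under two names.
func ScanCertificates(root string) ([]CertInfo, error) {
	var found []CertInfo
	seen := map[string]bool{}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err // directories are descended into by WalkDir itself
		}
		resolved, err := filepath.EvalSymlinks(path)
		if err != nil || seen[resolved] {
			return nil // dangling symlink, or the same file already counted via another name
		}
		seen[resolved] = true
		data, err := os.ReadFile(resolved)
		if err != nil {
			return nil // unreadable, or a symlink to a directory: skip and keep walking
		}
		for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
			if block.Type != "CERTIFICATE" {
				continue
			}
			if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
				found = append(found, CertInfo{Path: path, Subject: cert.Subject.CommonName, NotAfter: cert.NotAfter})
			}
		}
		return nil
	})
	return found, err
}

// WriteSelfSignedCert writes a throwaway self-signed certificate (constructed test data) to path.
func WriteSelfSignedCert(path, cn string, ttl time.Duration) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(ttl),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
		return err
	}
	return os.WriteFile(path, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644)
}

func main() {
	// Constructed layout mimicking /var/lib/kubelet/pods/<pod-uid>/volumes/<volume-type>/...
	root, _ := os.MkdirTemp("", "kubelet-pods-")
	defer os.RemoveAll(root)
	crt := filepath.Join(root, "pods", "6f1c-example-pod-uid", "volumes", "kubernetes.io~csi", "vault-tls", "mount", "tls.crt")
	if err := WriteSelfSignedCert(crt, "app.example.internal", 30*24*time.Hour); err != nil {
		panic(err)
	}
	dirs, _ := ExpandWatchDirs([]string{filepath.Join(root, "pods", "*", "volumes")})
	for _, dir := range dirs {
		certs, _ := ScanCertificates(dir)
		for _, c := range certs {
			fmt.Printf("%s  CN=%s  expires in %s\n", c.Path, c.Subject, time.Until(c.NotAfter).Round(time.Hour))
		}
	}
}
```

Run it as-is to see one certificate reported from the constructed CSI mount path; point ExpandWatchDirs at /var/lib/kubelet/pods/*/volumes on a node (with read access to that tree) to scan real pod volumes. A production watcher would additionally cap the file size it is willing to read, since the walk visits every file under the pod volumes, including large ones that are not certificates.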