K
Q

Updating a Pod with its Secret

11/7/2018

I have a kubernetes deployment which uses secrets for environment variables. So the pod has env variables which are using the secret.

Now I updated my deployment manifest json and the secret json to remove some of the variables, but when I apply these files, I get CreateContainerConfigError for the pod, and in its description I see:

Couldn't find key FOO in Secret mynamespace/secret-mypod

I've deleted this key from my secret json and from the deployment manifest json. Why am I still getting this error?

I understand that I can delete the deployment and apply it to get it to work, but I don't want to do that.

What is the right way to handle this scenario?

-- Ufder
kubernetes
kubernetes-secrets

Similar Questions

Prometheus Alerting Rules: Comparing metrics in expression with a value from label
Applying API Server App ID to k8s cluster spec
Inject Docker LABEL into Kubernetes Metadata Annotation
Pod don't run, insufficient resources
Kubernets Spark Operator: Configuring Automatic Application Restart and Failure Handling
how to see the pod and veth relationship in kubernetes
Escape k8s nodePort range
dial tcp 127.0.0.1:8080: connect: connection refused AWS CodeBuild EKS
how to configure kubernetes container spec for oauth2 proxy using Azure provider and Hashicorp Vault secret injector

1 Answer

11/7/2018

I would do a replace on the deployment json. If the original deployment had the usual update settings, a new pod will be created with the new deployment config. If it starts ok, the old one will be deleted.

To be safer, you could create a new secret with some version indicator in the name, refer to the new secret name in the new deployment definition. That way if there's a problem with the new pod or the old needs to be redeployed, the old secret will still be there.

-- Steve Huston
Source: StackOverflow