Does k8 update environment variables when secrets change?

6/22/2019

While running kubernetes clusters, I've noticed that when a secret's value is changed pods that use it as an environment variable are not rebuilt and my applications don't receive a SIGTERM event.

While I know it's technically possible to update the environment of a running process using something like gdb, this is a horrible thing to do and I assume k8s doesn't do this.

Is there a signal that is sent to an effected process when this situation occurs, or some other way to handle this?

-- Mike Marcacci
docker
kubernetes
kubernetes-secrets
signals

1 Answer

6/22/2019

No, nor does any such thing happen on ConfigMap mounts, env-var injection, or any other situation; signals are sent to your process only as a side-effect of Pod termination

There are innumerable solutions to do rolling update on ConfigMap or Secret change but you have to configure what you would want your cluster to do and under what circumstances, because there is no way that a one-size-fits-all solution would work in all the ways that kubernetes is used in the world

-- mdaniel
Source: StackOverflow