How to restart a Kubernetes pod when a secret is updated in HashiCorp Vault?

8/29/2019

I have successfully implemented Vault with Kubernetes, and applications running in K8s are getting their environment variables from HashiCorp Vault. Everything is great! But I want to take a step forward and restart the pod whenever a change is made to the secret in Vault. As of now, we have to restart the pod manually to reset environment variables whenever we make changes to the Vault secret. How can this be achieved? I have heard about confd but am not sure how it can be implemented!

-- AshitAcharya
confd
hashicorp-vault
kubernetes

1 Answer

8/29/2019

A couple ideas, depending on how much effort you want to put into it:

  1. Just restart the pod every so often. A hacky way to do this is with a liveness probe, like this answer. Drawback is you can't use the liveness probe as a real health check without additional scripting.

  2. Create an operator that polls Vault for changes and instructs Kubernetes to restart the pod when a change is detected. Not sure if Vault has an events API that you could use for that.

-- Grant David Bachman
Source: StackOverflow
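
Option 2 from the answer above, as an added example (not code from the answer or from any existing operator): one poll cycle that compares the secret's version in Vault and, on a change, patches the Deployment so its pods are replaced and re-read their environment. It assumes the secret lives in a KV v2 engine; the Vault address, mount, secret path, Deployment name and namespace are hypothetical.

```python
import json, ssl, urllib.request
from datetime import datetime, timezone

# Assumed names, not from the post: KV v2 mount "secret", path "myapp/config",
# Deployment "myapp" in namespace "default", Vault at VAULT_ADDR (placeholder).
VAULT_ADDR = "https://vault.example.internal:8200"
K8S_API = "https://kubernetes.default.svc"
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"

def vault_version(token, mount="secret", path="myapp/config",
                  opener=urllib.request.urlopen):
    """Read current_version from the KV v2 metadata endpoint. Only metadata
    is fetched, so the poller never holds or logs the secret values."""
    req = urllib.request.Request(f"{VAULT_ADDR}/v1/{mount}/metadata/{path}",
                                 headers={"X-Vault-Token": token})
    with opener(req) as resp:
        return json.load(resp)["data"]["current_version"]

def restart_patch(now=None):
    """Patch body that changes a pod-template annotation, so the Deployment
    rolls new pods (the annotation `kubectl rollout restart` sets)."""
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    return {"spec": {"template": {"metadata": {"annotations": {
        "kubectl.kubernetes.io/restartedAt": stamp}}}}}

def reconcile(last_seen, get_version, apply_patch):
    """One poll cycle; returns the version to remember. The first observation
    only records a baseline. If the patch raises, the caller keeps the old
    version and the restart is retried on the next cycle."""
    current = get_version()
    if last_seen is not None and current != last_seen:
        apply_patch(restart_patch())
    return current

def k8s_patch(body, namespace="default", name="myapp"):
    """PATCH the Deployment in-cluster with the pod's service account."""
    with open(f"{SA_DIR}/token") as f:
        sa_token = f.read().strip()
    req = urllib.request.Request(
        f"{K8S_API}/apis/apps/v1/namespaces/{namespace}/deployments/{name}",
        data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {sa_token}",
                 "Content-Type": "application/strategic-merge-patch+json"})
    ctx = ssl.create_default_context(cafile=f"{SA_DIR}/ca.crt")
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.status
```

Call `reconcile` in a loop with a sleep between cycles, passing `lambda: vault_version(token)` and `k8s_patch`. The poller's Vault policy needs only `read` on the metadata path, and its service account needs only `patch` on that one Deployment.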