K
Q

Mount Kubernetes secret at pod runtime

9/11/2019

I have an optional secret volume defined in my StatefulSet like

  - name: my-secret-volume
    secret:
      secretName: my-secret
      optional: true

And further, I mount it in my container. When I provision the pod, the secret does not exist yet.

Later, another service is installed on the cluster, which creates my-secret. Is there any way to mount that secret inside my pod where it was originally marked as optional, without having to restart the pod?

-- Maxim Neaga
kubernetes
kubernetes-secrets

Similar Questions

How to set up kubernetes for Spring and MySql
How to enable IAP for services with canary deployment
How to add a Kafka client to a Rails Docker deployment?
Error: Invalid or corrupt jarfile /app.jar

1 Answer

9/11/2019

Apparently, mounted secrets are updated automatically. From https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets :

When a secret being already consumed in a volume is updated, projected keys are eventually updated as well. Kubelet is checking whether the mounted secret is fresh on every periodic sync.

I have tested it manually, defined my-secret and it eventually (in under a minute) showed up in the mounted path, which was previously empty (before I created my-secret).

-- Maxim Neaga
Source: StackOverflow