Change password in MongoDB deployed on Kubernetes

1/18/2021

I am unable to change the password of an existing user in MongoDB deployed on k8s unless I delete the database and then recreate it with the new password.

How can I change the password using the yaml for the mongo stateful object without deleting the db?

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mongo-db-statefulset
  namespace: development
spec:
  serviceName: mongo-svc
  replicas: 1
  selector:
    matchLabels:
      component: mongo
  template:
    metadata:
      labels:
        component: mongo
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: mongo
          image: mongo:4.0.4
          volumeMounts:
            - mountPath: /data/db
              name: volume
          ports:
            - containerPort: 27017
          env:
            - name: MONGO_INITDB_ROOT_USERNAME
              value: admin
            - name: MONGO_INITDB_ROOT_PASSWORD
              # from secrets
              value: password
            - name: MONGO_INITDB_DATABASE
              value: admin
      volumes:
        - name: volume
          persistentVolumeClaim:
            claimName: database-persistent-volume-claim
-- Mike Me
kubernetes
mongodb

1 Answer

1/19/2021

If I understand your issue correctly:

  • You have a secret with your password as an environment variable, and the pod has access to the secret data through a Volume.
  • You changed the secret password, but it's not getting picked up by the pod without a restart.

According to the documentation:

Environment variables are not updated after a secret update, so if a container already consumes a Secret in an environment variable, a Secret update will not be seen by the container unless it is restarted. There are third party solutions for triggering restarts when secrets change.

This is a known issue. You can read more about it in this GitHub issue.


So after you change the secret password you have to restart your pod to update this value; you don't have to delete it.


As mentioned in the documentation, there are third party tools for triggering a restart when secrets change; one of them is Reloader.

Reloader can watch changes in ConfigMap and Secret and do rolling upgrades on Pods with their associated DeploymentConfigs, Deployments, Daemonsets and Statefulsets.


The quick way to restart a deployment would be to use kubectl rollout restart, which performs a step by step shutdown and restarts each container in your deployment or statefulset.

If you change the password in your secret and use kubectl rollout restart, the new password should work.

-- Jakub
Source: StackOverflow
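
The official mongo image applies MONGO_INITDB_ROOT_PASSWORD only when it initialises an empty /data/db, so this added example (not part of the original question or answer) goes one step beyond the restart described above: it changes the password inside MongoDB first, then updates the Secret and runs kubectl rollout restart. The namespace, StatefulSet name and user come from the question's manifest; the Secret name mongo-root, its key password and the two password files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Namespace, StatefulSet and user
# come from the question's manifest; the Secret name and key are assumptions.
NS=development
STS=mongo-db-statefulset
POD="${STS}-0"        # replicas: 1, so the only pod has ordinal 0
SECRET=mongo-root     # assumed Secret name, with the password under key "password"
ROOT_USER=admin

# Escape backslashes and double quotes so a password can sit inside a
# double-quoted JavaScript string literal.
js_quote() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Emit the mongo shell commands: authenticate with the old password, then set
# the new one. quit(1) makes kubectl exec fail if either step fails.
mongo_script() {  # $1 = old password, $2 = new password
  printf 'db.getSiblingDB("admin").auth("%s", "%s") || quit(1);\n' \
    "$ROOT_USER" "$(js_quote "$1")"
  printf 'try { db.getSiblingDB("admin").changeUserPassword("%s", "%s"); } catch (e) { print(e); quit(1); }\n' \
    "$ROOT_USER" "$(js_quote "$2")"
}

# $1, $2 = files holding the old and new password, written without a trailing
# newline (printf '%s'), because --from-file stores the file bytes verbatim.
rotate_root_password() {
  old=$(cat "$1") && new=$(cat "$2") || return 1
  # 1. Change the password in MongoDB itself; the script goes over stdin so
  #    the passwords are not command-line arguments of kubectl or mongo.
  mongo_script "$old" "$new" |
    kubectl exec -i -n "$NS" "$POD" -- mongo --quiet || return 1
  # 2. Update the Secret so the manifest matches the database.
  kubectl create secret generic "$SECRET" -n "$NS" \
    --from-file=password="$2" --dry-run=client -o yaml |
    kubectl apply -n "$NS" -f - || return 1
  # 3. Restart the pod so its environment reflects the updated Secret.
  kubectl rollout restart "statefulset/$STS" -n "$NS" &&
    kubectl rollout status "statefulset/$STS" -n "$NS"
}

# Usage: rotate_root_password ./old-password.txt ./new-password.txt
```

The order matters: the old password must still be valid when step 1 runs, so the Secret is updated only after the database accepts the new one.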