kuberneteskubernetes-secretskubernetes-security

If I update a secret, does it automatically gets updated to all resources in which it is volume mounted?


I have a secret, and I mounted it as a volume inside a deployment.

If I update the secrets value later, will the new updated value gets automatically reflected as well inside the deployment pods which I volume mounted the secret?

Note:

I am following the answer here to update the secret

How can I update a secret on Kubernetes when it is generated from a file?

Thanks in advance.


Solution

  • From the docs here

    When a secret currently consumed in a volume is updated, projected keys are eventually updated as well. The kubelet checks whether the mounted secret is fresh on every periodic sync.

    Note: A container using a Secret as a subPath volume mount will not receive Secret updates.

    Your application need to reload the changed file to have the change effective either by watching for change in file system or by restarting the pod. Check this related discussion here