8

I have a secret, and I mounted it as a volume inside a deployment.

If I update the secrets value later, will the new updated value gets automatically reflected as well inside the deployment pods which I volume mounted the secret?

Note:

I am following the answer here to update the secret

How can I update a secret on Kubernetes when it is generated from a file?

Thanks in advance.

Arghya Sadhu
  • 41,002
  • 9
  • 78
  • 107
Jplus2
  • 2,216
  • 2
  • 28
  • 49

1 Answers1

7

From the docs here

When a secret currently consumed in a volume is updated, projected keys are eventually updated as well. The kubelet checks whether the mounted secret is fresh on every periodic sync.

Note: A container using a Secret as a subPath volume mount will not receive Secret updates.

Your application need to reload the changed file to have the change effective either by watching for change in file system or by restarting the pod. Check this related discussion here

Arghya Sadhu
  • 41,002
  • 9
  • 78
  • 107
  • I see, so its automatically updated except for subPath volume mount. Btw what you mean about "your application need to reload the changed file to have the change effective"? since volume mounted secrets are automatically updated (I understand there is a bit of delay) – Jplus2 Jul 15 '20 at 22:15
  • The change in config need to be reflected in memory of the application...for that the app need to restart – Arghya Sadhu Jul 22 '20 at 08:18
  • 1
    Loading or reading the secret is an application concern. The OP was asking whether the mounted secret would update properly inside of a mounted volume, and it seems the answer is "yes" (unless you are using subPath volume). This is a confusing answer because you have missed the main part that confirms "Mounted secrets are updated automatically" even though you have quoted the exception. – Phil Nov 11 '22 at 10:45