
Mount Kubernetes secret at pod runtime

I have an optional secret volume defined in my StatefulSet like:

  - name: my-secret-volume
    secret:
      secretName: my-secret
      optional: true

And further, I mount it in my container. When I provision the pod, the secret does not exist yet.

Later, another service is installed on the cluster, which creates my-secret. Is there any way to mount that secret inside my pod where it was originally marked as optional, without having to restart the pod?

Apparently, mounted secrets are updated automatically. From https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets:

When a secret being already consumed in a volume is updated, projected keys are eventually updated as well. Kubelet is checking whether the mounted secret is fresh on every periodic sync.

I have tested it manually, defined my-secret and it eventually (in under a minute) showed up in the mounted path, which was previously empty (before I created my-secret).
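An added example, not part of the original question or answer: one way a process in the container can pick up the optional secret once it is projected, and notice later updates, without a pod restart. The mount directory and key name are supplied by the caller and are assumptions, as are the timeout and polling interval.

```python
import hashlib
import os
import time


def read_secret(mount_dir, key):
    """Return the bytes of one projected key, or None while the optional
    Secret does not exist yet (the mount directory is then empty)."""
    try:
        with open(os.path.join(mount_dir, key), "rb") as fh:
            return fh.read()
    except (FileNotFoundError, NotADirectoryError):
        return None


class SecretWatcher:
    """Polls a secret volume and reports when a key appears or changes."""

    def __init__(self, mount_dir, key):
        self.mount_dir, self.key = mount_dir, key
        # Keep only a digest of the last value seen, never the value itself.
        self._digest = None

    def poll(self):
        """Return the new value if the key appeared or changed, else None."""
        value = read_secret(self.mount_dir, self.key)
        if value is None:
            return None
        digest = hashlib.sha256(value).digest()
        if digest == self._digest:
            return None
        self._digest = digest
        return value

    def wait(self, timeout=120.0, interval=5.0):
        """Block until poll() yields a value; raise TimeoutError otherwise."""
        deadline = time.monotonic() + timeout
        while True:
            value = self.poll()
            if value is not None:
                return value
            if time.monotonic() >= deadline:
                raise TimeoutError(f"{self.key} not projected into {self.mount_dir}")
            time.sleep(interval)
```

Polling by content is used here because the kubelet writes projected keys on its own sync schedule, so the caller re-reads the file instead of caching it at startup.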
