How to restart a Kubernetes pod when a secret is updated in HashiCorp Vault?



Use Reloader: https://github.com/stakater/Reloader. We found it quite useful in our cluster. It does a rolling update, hence you can change config with zero downtime too. Also, if you made some errors in the configmap, you can easily roll back.


A couple of ideas, depending on how much effort you want to put into it:

  1. Just restart the pod every so often. A hacky way to do this is with a liveness probe, as in this answer. The drawback is that you can't use the liveness probe as a real health check without additional scripting.

  2. Create an operator that polls Vault for changes and instructs Kubernetes to restart the pod when a change is detected. Not sure if Vault has an events API that you could use for that.
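A minimal version of the second idea, as an added example rather than code from the answer above: a poller that reads the KV version 2 metadata endpoint (GET /v1/<mount>/metadata/<path>), which reports the secret's current_version, and runs `kubectl rollout restart` when that version changes. The mount name "secret", the path "myapp/config", the Deployment name "myapp", the 30-second interval and the VAULT_ADDR / VAULT_TOKEN environment variables are assumptions for the illustration; the sample metadata document is constructed.

```python
"""Poll Vault KV v2 metadata and roll the workload when the secret version changes.

Added example (not the answer's own code). Assumes VAULT_ADDR and VAULT_TOKEN in
the environment and a kubectl on PATH whose context may patch the target
Deployment. Only the metadata path is read, so the token never needs access to
the secret data itself.
"""
import json
import os
import subprocess
import time
import urllib.request
from typing import List, Optional

# Constructed sample of a KV v2 metadata response; only the fields this
# script reads are kept (assumption: shape matches the real endpoint).
SAMPLE_METADATA = json.dumps({
    "data": {
        "current_version": 3,
        "updated_time": "2023-01-01T00:00:00.000000Z",
        "versions": {"1": {}, "2": {}, "3": {}},
    }
})


def parse_current_version(metadata_json: str) -> int:
    """Extract data.current_version from a KV v2 metadata response body."""
    doc = json.loads(metadata_json)
    return int(doc["data"]["current_version"])


def fetch_current_version(vault_addr: str, token: str, mount: str, path: str) -> int:
    """Read the current version of <mount>/<path> over the Vault HTTP API."""
    url = f"{vault_addr.rstrip('/')}/v1/{mount}/metadata/{path}"
    req = urllib.request.Request(url, headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_current_version(resp.read().decode("utf-8"))


def restart_needed(previous: Optional[int], current: int) -> bool:
    """Restart only on a real change; the first observation just primes state."""
    return previous is not None and current != previous


def restart_command(kind: str, name: str, namespace: str) -> List[str]:
    """kubectl invocation that triggers a rolling restart of the workload."""
    return ["kubectl", "rollout", "restart", f"{kind}/{name}", "-n", namespace]


def watch(mount: str, path: str, kind: str, name: str, namespace: str,
          interval_s: int = 30) -> None:
    """Poll forever; on a version change, roll the workload and remember the new version."""
    vault_addr = os.environ["VAULT_ADDR"]
    token = os.environ["VAULT_TOKEN"]
    previous: Optional[int] = None
    while True:
        try:
            current = fetch_current_version(vault_addr, token, mount, path)
        except Exception as exc:  # network or auth failure: log and retry next tick
            print(f"poll failed: {exc}")
        else:
            if restart_needed(previous, current):
                print(f"{mount}/{path} changed {previous} -> {current}; restarting {kind}/{name}")
                subprocess.run(restart_command(kind, name, namespace), check=True)
            previous = current
        time.sleep(interval_s)


if __name__ == "__main__":
    # Assumed names for the illustration.
    watch("secret", "myapp/config", "deployment", "myapp", "default")
```

Because the poller only reads `secret/metadata/myapp/config`, its Vault policy needs `read` on the metadata path alone, and its Kubernetes RBAC needs `patch` on the target Deployment; it never handles the secret value, which stays with whatever delivers the secret into the pod. The rolling restart is the same zero-downtime update a Deployment performs on any template change, so the new pods pick up the new version while the old ones drain.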


https://www.vaultproject.io/docs/agent/template#renewals-and-updating-secrets

If a secret or token isn't renewable or leased, Vault Agent will fetch the secret every 5 minutes. This is not configurable. Non-renewable secrets include (but are not limited to) KV Version 2.