I want to learn how to update secrets in worker pods without killing and recreating the deployment.
Currently pods pull in secrets to as env vars with:
env:
- name: SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: secret_access_key
name: secrets
but this only happens when they startup.
So if there is a need to change a secret I have to:
- Change the secret in
secrets.yaml
kubectl apply -f secrets.yaml
kubectl delete -f worker-deployment.yaml
kubectl apply -f worker-deployment.yaml
I really don't like step 3 and 4 as they terminate jobs in progress.
What is a better workflow for updating env var secrets in place?