Is there a way to programmatically update a kubernetes secret from a pod? that is, not using kubectl. I have a secret mounted on a pod and also exposed via an environment variable. I would like to modify it from my service but it looks that it's read only by default.
Asked
Active
Viewed 1,020 times
1 Answers
1
You can use the Kubernetes REST API with the pod's serviceaccount's token as credentials (found at /var/run/secrets/kubernetes.io/serviceaccount/token inside the pod), you just need to allow the service account to edit secrets in the namespace via a role.
See Secret for the API docs
The API server is internally reachable via https://kubernetes.default
Kanadaj
- 962
- 9
- 25