
I have a k8s secret YAML definition with some data items already applied in the cluster. After removing some data items from the YAML file and updating the secret with `kubectl apply`, those removed data items still persist in the secret object existing in the k8s cluster, and I am not able to remove them without deleting and recreating the secret from scratch. However, this is not the usual behavior and only happens on rare occasions. Any idea why this is happening and how I can fix it without deleting the whole secret?

Example:

```
$ cat <<EOF|kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials-secret
  namespace: default
type: Opaque
stringData:
  user: foo
  password: bar
EOF
```

The secret is created with data items user and password.

```
$ cat <<EOF|kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials-secret
  namespace: default
type: Opaque
stringData:
  password: bar
EOF
```

After removing user from the secret definition, the secret is updated with kubectl apply but the user data item still remains in the secret.

beni0888
  • What does `kubectl -n default get secret db-credentials-secret -o yaml` show you? – Chin Huang Nov 16 '21 at 17:27
  • It shows me the secret definition with all its data items (user and password included), even though `password` should have been removed. In addition, it also includes the `resourceVersion`, `selfLink` and `uuid` fields every k8s object has. – beni0888 Nov 17 '21 at 05:39
  • Which version of Kubernetes did you use and how did you set up the cluster? Did you use a bare metal installation or some cloud provider? It is important to reproduce your problem. – Mikołaj Głodziak Nov 17 '21 at 11:29
  • @MikołajGłodziak Kubernetes version is 1.19 and the cluster is an Amazon EKS setup. – beni0888 Nov 24 '21 at 05:34
  • You are using a deprecated version of Kubernetes. Could you update it to the newest? – Mikołaj Głodziak Nov 24 '21 at 13:22

0 Answers