How can I update a secret on Kubernetes when it is generated from a file?

kubernetes kubectl kubernetes-secrets

Solution 1:

This should work:

kubectl create secret generic production-tls \
    --save-config --dry-run=client \
    --from-file=./tls.key --from-file=./tls.crt \
    -o yaml | 
  kubectl apply -f -

Solution 2:

You can delete and immediately recreate the secret:

kubectl delete secret production-tls \
--ignore-not-found

kubectl create secret generic production-tls \
--from-file=./tls.key \
--from-file=./tls.crt

I put these commands in a script. The --ignore-not-found prevents getting a warning on the first run.

Solution 3:

Alternatively, you can also use jq's = or |= operator to update secrets on the fly. 

TLS_KEY=$(base64 < "./tls.key" | tr -d '\n')
TLS_CRT=$(base64 < "./tls.crt" | tr -d '\n')
kubectl get secrets production-tls -o json \
        | jq '.data["tls.key"] |= "$TLS_KEY"' \
        | jq '.data["tls.crt"] |= "$TLS_CRT"' \
        | kubectl apply -f -

Although it might not be as elegant or simple as the kubectl create secret generic --dry-run approach, technically, this approach is truly updating values rather than deleting/recreating them. You'll also need jq and base64 (or openssl enc -base64) commands available, tr is a commonly-available Linux utility for trimming trailing newlines.

See here for more details about jq update operator |=.

Related

How to resolve Unneccessary Stubbing exception
Objective-C: Calling selectors with multiple arguments
Get Slightly Lighter and Darker Color from UIColor
Heroku 'Permission denied (publickey) fatal: Could not read from remote repository' woes
RecyclerView - How to smooth scroll to top of item on a certain position?
How to remove single character from a String
xcode 8 error denied by service delegate (SBMainWorkspace)
UIButton Image + Text IOS
Programmatically get height of navigation bar
How do I design a class in Python?
What do the f and t commands do in Vim?
How to put a delay on AngularJS instant search?