Reputation: 384
kubernetes update secrets using imperative commands
I am creating kubernetes secrets using the below command
kubectl create secret generic test-secret --save-config --dry-run=client --from-literal=a=data1 --from-literal=a=data2 -o yaml | kubectl apply -f -
Now, I need to add new literals using kubectl imperative command how to do that?? say eg:
kubectl apply secret generic test-secret --from-literal=c=data3 -o yaml | kubectl apply -f -
but gave the below error
Error: unknown flag: --from-literal See 'kubectl apply --help' for usage. error: no objects passed to apply
Any quick help is appreciated
Upvotes: 1
Views: 6137
Answers (2)
Reputation: 5585
You can use kubectl patch imeperative command
example
root@controlplane:~# kubectl patch secrets test-secret --type='json' -p='[{"op" : "replace" ,"path" : "/data/newkey" ,"value" : "bmV3VmFsCg=="}]'
secret/test-secret patched
root@controlplane:~# kubectl describe secrets test-secret
Name: test-secret
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
a: 5 bytes
b: 5 bytes
newkey: 7 bytes
you need to pass encoded value, to encode/decode the new value of key you can use below command
root@controlplane:~# echo "newValue" | base64
bmV3VmFsdWUK
root@controlplane:~# echo bmV3VmFsdWUK | base64 -d
newValue
another option is to use kubectl edit but if you automate your code you can't use edit option
kubectl edit secret test-secret
Upvotes: 0
Reputation: 128827
add new literals using kubectl imperative command
When working with imperative commands it typically means that you don't save the change in a place outside the cluster. You can edit a Secret in the cluster directly:
kubectl edit secret test-secret
But if you want to automate your "addition", then you most likely save your Secret another place before applying to the cluster. How to do this depends on how you manage Secrets. One way of doing it is by adding it to e.g. Vault and then have it automatically injected. When working in an automated way, it is easier to practice immutable Secrets, and create new ones instead of mutating - because you typically need to redeploy your app as well, to make sure it uses the new. Using Kustomize with secretGenerator might be a good option if you work with immutable Secrets.
Upvotes: 1
Related Questions
- Update kubernetes secrets doesn't update running container env vars
- Kubernetes: modify a secret using kubectl?
- How to update secret with "kubectl patch --type='json'"
- How can I update a secret on Kubernetes when it is generated from a file?
- How to edit secrets in kubernetes nicely?
- Create or edit Kubernetes secret from a job
- Kubernetes secret programmatically update
- Change the secret a Kubernetes deployment expects
- Updating a Pod with its Secret
- How to update Secrets (Without Deleting and Creating) in Openshift?