1 answer
Consider switching from a pull model to a push model. Create an automated workflow such that:
- Create an entirely new secret with the new data, leaving the old secret intact.
- Update the PodSpec of the Deployment to point to the new secret.
- Recycle your pods at a controlled rate. I recommend using a PodDisruptionBudget to prevent downtime here.
- Validate that all pods have been updated and are using the new secret successfully. If this fails, switch back to the old secret as error handling.
- Delete the old secret after such time as you feel comfortable.
If we automate this process with something like AWS Step Functions, then you never need to set up a polling API call.
answered a year ago
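The five steps of the push-model workflow above, as an added example that is not part of the original answer. Each Secret is content-addressed (named by a hash of its data) and marked `immutable`, so a rotation always creates a new object instead of editing the old one in place, and the Deployment's volume reference is the only thing that changes. The `FakeKubeAPI` class, the `db-creds-` name prefix, the volume index and the sample Deployment are assumptions so the logic runs offline; in a real workflow each method would wrap the Kubernetes API (or a `kubectl` call from a Step Functions task) and `wait_for_rollout` would poll the rollout status.

```python
import base64
import hashlib

SECRET_PREFIX = "db-creds-"   # assumed naming convention for rotated secrets
VOLUME_INDEX = 0              # assumed: the secret is mounted via the first volume


def secret_name(data):
    """Content-addressed name: identical data -> identical name, new data -> new object."""
    h = hashlib.sha256()
    for key in sorted(data):
        h.update(f"{key}={data[key]}\n".encode())
    return f"{SECRET_PREFIX}{h.hexdigest()[:10]}"


def build_secret(name, data):
    """Immutable Opaque Secret manifest; the API server rejects later edits to it."""
    return {"apiVersion": "v1", "kind": "Secret", "immutable": True, "type": "Opaque",
            "metadata": {"name": name},
            "data": {k: base64.b64encode(v.encode()).decode() for k, v in data.items()}}


def build_pdb(app_label, min_available):
    """PodDisruptionBudget keeping min_available pods up while the rollout recycles pods."""
    return {"apiVersion": "policy/v1", "kind": "PodDisruptionBudget",
            "metadata": {"name": f"{app_label}-pdb"},
            "spec": {"minAvailable": min_available,
                     "selector": {"matchLabels": {"app": app_label}}}}


def sample_deployment(secret, replicas=3):
    """Constructed Deployment that mounts `secret` through a volume (assumed shape)."""
    return {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "app"},
            "spec": {"replicas": replicas, "template": {"spec": {"volumes": [
                {"name": "creds", "secret": {"secretName": secret}}]}}}}


class FakeKubeAPI:
    """In-memory stand-in (assumption) for the API calls the rotation needs."""

    def __init__(self, deployment, unhealthy_secrets=()):
        self.deployment = deployment
        self.secrets = {}
        self.deleted = []
        self.unhealthy = set(unhealthy_secrets)  # secrets whose pods fail readiness

    def current_secret(self):
        vol = self.deployment["spec"]["template"]["spec"]["volumes"][VOLUME_INDEX]
        return vol["secret"]["secretName"]

    def create_secret(self, manifest):
        name = manifest["metadata"]["name"]
        if name in self.secrets:
            raise ValueError(f"secret {name} already exists")
        self.secrets[name] = manifest

    def delete_secret(self, name):
        del self.secrets[name]
        self.deleted.append(name)

    def set_secret_ref(self, name):
        vol = self.deployment["spec"]["template"]["spec"]["volumes"][VOLUME_INDEX]
        vol["secret"]["secretName"] = name

    def wait_for_rollout(self):
        """Simulated rolling update: one pod per replica, reporting the secret it mounts."""
        name = self.current_secret()
        ready = name not in self.unhealthy
        return [{"pod": f"app-{i}", "secret": name, "ready": ready}
                for i in range(self.deployment["spec"]["replicas"])]


def rotate(api, new_data):
    """Steps 1-4: create, repoint, recycle, validate (with rollback). Returns a summary."""
    old = api.current_secret()
    new = secret_name(new_data)
    if new == old:
        return {"status": "unchanged", "active": old}
    api.create_secret(build_secret(new, new_data))   # step 1: old secret stays intact
    api.set_secret_ref(new)                           # step 2: PodSpec points at the new one
    pods = api.wait_for_rollout()                     # step 3: controlled recycle (PDB-bound)
    failed = [p["pod"] for p in pods if p["secret"] != new or not p["ready"]]
    if failed:                                        # step 4: validate, else roll back
        api.set_secret_ref(old)
        api.wait_for_rollout()
        api.delete_secret(new)
        return {"status": "rolled_back", "active": old, "failed_pods": failed}
    return {"status": "rotated", "active": new, "retire": old}


def retire(api, old_name):
    """Step 5: delete the old secret once the new one has proven itself."""
    api.delete_secret(old_name)


if __name__ == "__main__":
    old_data = {"username": "app", "password": "hunter2"}          # constructed
    api = FakeKubeAPI(sample_deployment(secret_name(old_data)))
    api.create_secret(build_secret(secret_name(old_data), old_data))
    print(rotate(api, {"username": "app", "password": "correct-horse"}))
```

Because the old Secret survives until `retire` runs, the rollback path in step 4 is just a second patch of the volume reference followed by another rollout; no data has to be restored. Keeping `retire` as a separate call is what lets a Step Functions workflow insert a wait state of whatever length feels comfortable before deletion.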
Isn’t it costlier though?
Did you have a look at this? https://catalog.workshops.aws/eks-immersionday/en-US/secrets-manager/aws-secrets-manager
@alatech Yes, I had tried the approaches I have listed. What I need to know is the best method to use to obtain secrets and how to set rotation sync poll interval minimizing cost, zero downtime. Also if there are any other better approaches!