1 Answer
Consider switching from a pull model to a push model. Create an automated workflow such that:
- Create an entirely new secret with the new data, leaving the old secret intact.
- Update the PodSpec of the Deployment to point to the new secret.
- Recycle your pods at a controlled rate. I recommend using a PodDisruptionBudget to prevent downtime here.
- Validate all pods have been updated and are using the new secret successfully. If this fails, switch back to the old secret as error handling.
- Delete the old secret after such time that you feel comfortable.
If we automate this process with something like AWS Step Functions, then you never need to set up a polling API call.
answered a year ago
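The push-model workflow described in the answer, as an added example that is not part of the original post: Python helpers that build the versioned Secret, the Deployment PodSpec patch and the PodDisruptionBudget, plus the validation step run over pod objects in the shape the Kubernetes API returns (so the caller knows whether to keep the new Secret or patch back to the old one). The base name db-creds, the container name api and the sample pods are assumptions constructed for the example.

```python
import base64
import hashlib

def versioned_secret(base_name, data):
    """Build a NEW Secret whose name carries a content hash, so a rotation never
    overwrites the previous Secret; the old one stays intact for rollback."""
    digest = hashlib.sha256(repr(sorted(data.items())).encode()).hexdigest()[:8]
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": f"{base_name}-{digest}"},
            # the Kubernetes API expects base64-encoded values under .data
            "data": {k: base64.b64encode(v.encode()).decode() for k, v in data.items()}}

def deployment_patch(container, secret_name):
    """Strategic-merge patch re-pointing the PodSpec's envFrom at the new Secret;
    the PodSpec change starts a rolling update, so no pod ever polls for rotation."""
    return {"spec": {"template": {"spec": {"containers": [
        {"name": container, "envFrom": [{"secretRef": {"name": secret_name}}]}]}}}}

def pod_disruption_budget(name, app_label, max_unavailable=1):
    return {"apiVersion": "policy/v1", "kind": "PodDisruptionBudget",
            "metadata": {"name": name},
            "spec": {"maxUnavailable": max_unavailable,
                     "selector": {"matchLabels": {"app": app_label}}}}

def secret_refs(pod):
    """Secret names a Pod references through envFrom or Secret volumes."""
    refs, spec = set(), pod["spec"]
    for c in spec.get("containers", []):
        refs |= {e["secretRef"]["name"] for e in c.get("envFrom", []) if "secretRef" in e}
    refs |= {v["secret"]["secretName"] for v in spec.get("volumes", []) if "secret" in v}
    return refs

def is_ready(pod):
    return any(c["type"] == "Ready" and c["status"] == "True"
               for c in pod.get("status", {}).get("conditions", []))

def choose_secret(pods, new_secret, old_secret):
    """Validation step: keep the new Secret only if every pod references it and is
    Ready; otherwise return the old Secret name so the caller can patch back."""
    if pods and all(new_secret in secret_refs(p) and is_ready(p) for p in pods):
        return new_secret
    return old_secret

def sample_pod(secret, ready=True):  # constructed sample pod, not from a real cluster
    return {"spec": {"containers": [{"name": "api", "envFrom": [{"secretRef": {"name": secret}}]}]},
            "status": {"conditions": [{"type": "Ready", "status": "True" if ready else "False"}]}}

# constructed sample: after the rollout one pod is still running with the old Secret
SAMPLE_PODS = [sample_pod("db-creds-9f1c2a3b"), sample_pod("db-creds-old")]
```

Wire the three manifests into a Step Functions task or a script calling the Kubernetes API in that order, and only delete the old Secret once choose_secret returns the new name.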
Isn’t it costlier though?
Did you have a look at this? https://catalog.workshops.aws/eks-immersionday/en-US/secrets-manager/aws-secrets-manager
@alatech Yes, I had tried the approaches I have listed. What I need to know is the best method to use to obtain secrets and how to set rotation sync poll interval minimizing cost, zero downtime. Also if there are any other better approaches!