1 Answer
Consider switching from a pull model to a push model. Create an automated workflow such that:
- Create an entirely new secret with the new data, leaving the old secret intact.
- Update the PodSpec of the Deployment to point to the new secret.
- Recycle your pods at a controlled rate. I recommend using a PodDisruptionBudget to prevent downtime here.
- Validate all pods have been updated and are using the new secret successfully. If this fails, switch back to the old secret as an error handler.
- Delete the old secret after such time that you feel comfortable.
If we automate this process with something like AWS Step Functions, then you never need to set up a polling API call.
Answered a year ago
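The rollover steps in the answer above, sketched as an added shell example; it is not the answerer's or AWS's code. It assumes the first container reads the secret through `envFrom[0].secretRef`, and the namespace, Deployment and secret names are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example: versioned-secret rollover with rollback. All names are assumptions.
KUBECTL="${KUBECTL:-kubectl}"              # overridable, so the flow can be dry-run with a stub
ROLLOUT_TIMEOUT="${ROLLOUT_TIMEOUT:-300s}"

# Point the Deployment at a secret. Assumes container 0 consumes it through
# envFrom[0].secretRef; change the JSON path for volume-mounted secrets.
point_deployment_at() {  # <namespace> <deployment> <secret-name>
  $KUBECTL -n "$1" patch deployment "$2" --type=json -p \
    "[{\"op\":\"replace\",\"path\":\"/spec/template/spec/containers/0/envFrom/0/secretRef/name\",\"value\":\"$3\"}]"
}

# Editing the pod template starts a rolling update. rollout status blocks until
# every replica runs the new template and is Ready, or the timeout expires.
wait_for_rollout() {  # <namespace> <deployment>
  $KUBECTL -n "$1" rollout status "deployment/$2" --timeout="$ROLLOUT_TIMEOUT"
}

rotate_secret() {  # <namespace> <deployment> <old-secret> <new-secret> <key> <value-file>
  rs_ns=$1 rs_dep=$2 rs_old=$3 rs_new=$4 rs_key=$5 rs_file=$6
  # Step 1: create a new secret object and leave the old one untouched.
  # --from-file keeps the value out of argv and shell history.
  $KUBECTL -n "$rs_ns" create secret generic "$rs_new" \
    --from-file="$rs_key=$rs_file" || return 2
  # Steps 2-4: repoint the PodSpec, recycle the pods, validate the result.
  if point_deployment_at "$rs_ns" "$rs_dep" "$rs_new" &&
     wait_for_rollout "$rs_ns" "$rs_dep"; then
    echo "rollout on $rs_new healthy; $rs_old kept for later retirement"
    return 0
  fi
  # Error handler: switch back to the old secret. The new secret is left in
  # place for inspection.
  echo "rollout on $rs_new failed; reverting to $rs_old" >&2
  point_deployment_at "$rs_ns" "$rs_dep" "$rs_old" &&
    wait_for_rollout "$rs_ns" "$rs_dep"
  return 1
}

# Step 5: run later, once the new secret has proven itself.
retire_secret() {  # <namespace> <old-secret>
  $KUBECTL -n "$1" delete secret "$2" --ignore-not-found
}
```

The pace of the pod recycle in this sketch comes from the Deployment's own `rollingUpdate` strategy and readiness probes, so a rollout only counts as validated if the readiness probe actually exercises the new credential.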
Isn’t it costlier though?
Did you have a look at this? https://catalog.workshops.aws/eks-immersionday/en-US/secrets-manager/aws-secrets-manager
@alatech Yes, I had tried the approaches I have listed. What I need to know is the best method to use to obtain secrets and how to set rotation sync poll interval minimizing cost, zero downtime. Also if there are any other better approaches!