1 answer
0
Consider switching from a pull model to a push model. Create an automated workflow such that:
- Create an entirely new secret with the new data, leaving the old secret intact.
- Update the PodSpec of the Deployment to point to the new secret.
- Recycle your pods at a controlled rate. I recommend using a PodDisruptionBudget to prevent downtime here.
- Validate all pods have been updated and are using the new secret successfully. If this fails, switch back to the old secret as error handling.
- Delete the old secret after such time that you feel comfortable.
If we automate this process with something like AWS Step Functions, then you never need to set up a polling API call.
Answered 1 year ago
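The push-model workflow in this answer, written out as an added example (not code from the answer's author or from AWS). It assumes the Kubernetes Python client, a kubeconfig for the target cluster, a Deployment whose container reads the credential from an env var via `secretKeyRef`, and Secrets named `<base>-v<N>`; the `SAMPLE_PODS` used to exercise the validation gate are constructed. The pure helpers (patch builder, secret-reference scan, validation gate) run offline; `rotate()` drives them against a live cluster and rolls back to the still-intact old Secret if the rollout never converges.

```python
"""Push-model secret rotation for a Kubernetes Deployment (added example).

1. create a new versioned Secret next to the old one
2. repoint the Deployment's pod template at it
3. let the rolling update recycle pods (rate bounded by maxSurge/maxUnavailable
   and a PodDisruptionBudget)
4. validate: every pod references only the new Secret and is Ready, else roll back
5. delete the old Secret later, in a separate step, once you are comfortable
"""
import time
from typing import Dict, List, Set


def versioned_secret_name(base: str, version: int) -> str:
    # "db-creds", 3 -> "db-creds-v3"; the old Secret object is never modified
    return f"{base}-v{version}"


def deployment_patch(container: str, env_var: str, secret_name: str, key: str) -> dict:
    """Strategic-merge patch that repoints one env var's secretKeyRef.
    Changing the pod template is what triggers the rolling update."""
    return {"spec": {"template": {"spec": {"containers": [{
        "name": container,
        "env": [{"name": env_var,
                 "valueFrom": {"secretKeyRef": {"name": secret_name, "key": key}}}],
    }]}}}}


def secrets_referenced(pod: dict) -> Set[str]:
    """Every Secret a pod spec pulls in via env, envFrom or a secret volume."""
    names: Set[str] = set()
    spec = pod.get("spec") or {}
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        for e in c.get("env") or []:
            ref = (e.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                names.add(ref["name"])
        for ef in c.get("envFrom") or []:
            if ef.get("secretRef"):
                names.add(ef["secretRef"]["name"])
    for v in spec.get("volumes") or []:
        if v.get("secret"):
            names.add(v["secret"]["secretName"])
    return names


def is_ready(pod: dict) -> bool:
    conds = (pod.get("status") or {}).get("conditions") or []
    return any(c.get("type") == "Ready" and c.get("status") == "True" for c in conds)


def validate_rollout(pods: List[dict], new_secret: str, old_secret: str) -> dict:
    """Validation gate for step 4: reports pods still on the old Secret (or not
    yet on the new one) and pods on the new Secret that are not Ready."""
    stale, not_ready = [], []
    for p in pods:
        refs = secrets_referenced(p)
        if old_secret in refs or new_secret not in refs:
            stale.append(p["metadata"]["name"])
        elif not is_ready(p):
            not_ready.append(p["metadata"]["name"])
    return {"ok": not stale and not not_ready, "stale": stale, "not_ready": not_ready}


# Constructed sample pods mid-rollout: "a" is done, "b" still uses the old Secret,
# "c" mounts the new Secret as a volume but has not become Ready.
def _pod(name, containers, ready, volumes=None):
    return {"metadata": {"name": name},
            "spec": {"containers": containers, "volumes": volumes or []},
            "status": {"conditions": [{"type": "Ready", "status": "True" if ready else "False"}]}}

SAMPLE_PODS = [
    _pod("a", [{"name": "app", "env": [{"name": "DB_PASSWORD", "valueFrom":
         {"secretKeyRef": {"name": "db-creds-v3", "key": "password"}}}]}], True),
    _pod("b", [{"name": "app", "envFrom": [{"secretRef": {"name": "db-creds-v2"}}]}], True),
    _pod("c", [{"name": "app"}], False, [{"name": "creds", "secret": {"secretName": "db-creds-v3"}}]),
]


def rotate(namespace: str, deployment: str, container: str, env_var: str, key: str,
           base: str, version: int, new_data: Dict[str, str], selector: str,
           timeout_s: int = 600, poll_s: int = 10) -> str:
    """Run steps 1-4 against a live cluster; returns the Secret name now in use.
    The old Secret is deliberately left for a later cleanup step (step 5)."""
    from kubernetes import client, config  # here so the pure helpers import without it
    config.load_kube_config()
    core, apps = client.CoreV1Api(), client.AppsV1Api()
    old, new = versioned_secret_name(base, version - 1), versioned_secret_name(base, version)
    core.create_namespaced_secret(namespace, client.V1Secret(
        metadata=client.V1ObjectMeta(name=new), string_data=new_data))
    apps.patch_namespaced_deployment(deployment, namespace,
                                     deployment_patch(container, env_var, new, key))
    deadline = time.monotonic() + timeout_s
    while True:
        pods = [core.api_client.sanitize_for_serialization(p)
                for p in core.list_namespaced_pod(namespace, label_selector=selector).items]
        result = validate_rollout(pods, new, old)
        if result["ok"]:
            return new
        if time.monotonic() > deadline:  # error handling: repoint at the intact old Secret
            apps.patch_namespaced_deployment(deployment, namespace,
                                             deployment_patch(container, env_var, old, key))
            raise RuntimeError(f"rotation to {new} failed, rolled back to {old}: {result}")
        time.sleep(poll_s)
```

Because the old Secret is never modified, rollback is just another pod-template patch, and the cost is a handful of API calls per rotation rather than a polling loop that runs forever; the Kubernetes rolling update itself, not the script, is what paces pod recycling.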
Isn’t it costlier though?
Did you have a look at this? https://catalog.workshops.aws/eks-immersionday/en-US/secrets-manager/aws-secrets-manager
@alatech Yes, I had tried the approaches I have listed. What I need to know is the best method to use to obtain secrets and how to set the rotation sync poll interval to minimize cost with zero downtime. Also whether there are any other, better approaches!