How can I update a secret on Kubernetes when it is generated from a file?

Submitted by 狂风中的少年 on 2019-12-02 14:16:41
Janos Lenart

This should work:

kubectl create secret generic production-tls \
    --from-file=./tls.key --from-file=./tls.crt --dry-run -o yaml | 
  kubectl apply -f -

You can delete and immediately recreate the secret:

kubectl delete secret production-tls
kubectl create secret generic production-tls --from-file=./tls.key --from-file=./tls.crt

I put these commands in a script; on the first call you get a warning about the (not yet) existent secret, but this works.

Alternatively, you can also use jq's = or |= operator to update secrets on the fly.

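# Secret .data values must be base64 on a single line
TLS_KEY=$(base64 < "./tls.key" | tr -d '\n')
TLS_CRT=$(base64 < "./tls.crt" | tr -d '\n')
# Pass the values in with --arg: inside single quotes "$TLS_KEY" stays a literal string in jq
kubectl get secrets production-tls -o json \
        | jq --arg key "$TLS_KEY" '.data["tls.key"] |= $key' \
        | jq --arg crt "$TLS_CRT" '.data["tls.crt"] |= $crt' \
        | kubectl apply -f -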

Although it might not be as elegant or simple as the kubectl create secret generic --dry-run approach, technically, this approach is truly updating values rather than deleting/recreating them. You'll also need the jq and base64 (or openssl enc -base64) commands available; tr is a commonly available Linux utility for trimming trailing newlines.

See here for more details about jq update operator |=.
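The jq update described above, as an added example that is not part of the original answers: it runs the same edit offline against a constructed manifest, checks that the stored values decode back to the files byte for byte, and shows that the Secret's type and labels are left alone. The function names, the sample manifest and the placeholder file contents are assumptions; `base64 -d` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example: the jq update run offline against a constructed manifest.
set -eu

# Constructed stand-in for `kubectl get secret production-tls -o json`.
sample_secret() {
  cat <<'EOF'
{
  "apiVersion": "v1",
  "kind": "Secret",
  "type": "kubernetes.io/tls",
  "metadata": {"name": "production-tls", "labels": {"app": "demo"}},
  "data": {"tls.crt": "b2xkLWNlcnQ=", "tls.key": "b2xkLWtleQ=="}
}
EOF
}

# update_secret_data KEY_FILE CRT_FILE (hypothetical helper)
# Reads Secret JSON on stdin; replaces only the two .data entries.
update_secret_data() {
  key_b64=$(base64 < "$1" | tr -d '\n')
  crt_b64=$(base64 < "$2" | tr -d '\n')
  jq --arg key "$key_b64" --arg crt "$crt_b64" \
    '.data["tls.key"] = $key | .data["tls.crt"] = $crt'
}

# secret_matches_files KEY_FILE CRT_FILE (hypothetical helper)
# Succeeds only if the manifest on stdin decodes to exactly the file bytes.
secret_matches_files() {
  manifest=$(cat)
  printf '%s' "$manifest" | jq -r '.data["tls.key"]' | base64 -d | cmp -s - "$1" &&
  printf '%s' "$manifest" | jq -r '.data["tls.crt"]' | base64 -d | cmp -s - "$2"
}

# Demo with constructed placeholder files (not real key material).
demo() {
  dir=$(mktemp -d)
  printf 'constructed-key\n' > "$dir/tls.key"
  printf 'constructed-cert\n' > "$dir/tls.crt"
  updated=$(sample_secret | update_secret_data "$dir/tls.key" "$dir/tls.crt")
  printf '%s' "$updated" | secret_matches_files "$dir/tls.key" "$dir/tls.crt"
  # type and labels are untouched by the update
  printf '%s' "$updated" | jq -r '[.type, .metadata.labels.app] | join(" ")'
  rm -rf "$dir"
}

demo
```

Against a cluster, the same check can be fed from `kubectl get secret production-tls -o json` after the apply. `kubectl create secret generic` produces type Opaque unless `--type` is given, which is why the sample here uses the in-place edit to keep its `kubernetes.io/tls` type.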
