How can I update a secret on Kubernetes when it is generated from a file?

Submitted by 老子叫甜甜 on 2019-12-04 07:35:23

Question


I've created a secret using kubectl create secret generic production-tls --from-file=./tls.key --from-file=./tls.crt.

If I'd like to update the values - how can I do this?


Answer 1:


This should work:

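# Render the Secret manifest locally, then let apply create or update it.
# kubectl 1.18+ spells the flag --dry-run=client; a bare --dry-run is deprecated.
kubectl create secret generic production-tls \
    --from-file=./tls.key --from-file=./tls.crt --dry-run=client -o yaml |
  kubectl apply -f -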



Answer 2:


You can delete and immediately recreate the secret:

kubectl delete secret production-tls
kubectl create secret generic production-tls --from-file=./tls.key --from-file=./tls.crt

I put these commands in a script; on the first call you get a warning about the (not yet) existent secret, but this works.




Answer 3:


Alternatively, you can also use jq's = or |= operator to update secrets on the fly.

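TLS_KEY=$(base64 < "./tls.key" | tr -d '\n')
TLS_CRT=$(base64 < "./tls.crt" | tr -d '\n')
# Pass the values with --arg: inside a single-quoted filter, "$TLS_KEY" is a
# literal string to jq and would be stored as-is instead of the encoded file.
kubectl get secrets production-tls -o json \
        | jq --arg key "$TLS_KEY" '.data["tls.key"] |= $key' \
        | jq --arg crt "$TLS_CRT" '.data["tls.crt"] |= $crt' \
        | kubectl apply -f -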

Although it might not be as elegant or simple as the kubectl create secret generic --dry-run approach, technically, this approach is truly updating values rather than deleting/recreating them. You'll also need the jq and base64 (or openssl enc -base64) commands available; tr is a commonly available Linux utility for trimming trailing newlines.

See here for more details about jq update operator |=.
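An added example, not part of the answer above or of the original page: an offline check that the jq update really stored the encoded file contents, run before the manifest is applied. The function names and the sample data are assumptions made for illustration; it needs jq, base64 and cmp.

```bash
# Usage sketch (cluster access assumed):
#   kubectl get secret production-tls -o json \
#     | update_secret_json ./tls.key ./tls.crt > new.json \
#     && verify_secret_json new.json ./tls.key ./tls.crt \
#     && kubectl apply -f new.json

# Reads Secret JSON on stdin, writes it back with both entries replaced.
update_secret_json() {  # args: <key-file> <crt-file>
  local key_b64 crt_b64
  key_b64=$(base64 < "$1" | tr -d '\n')
  crt_b64=$(base64 < "$2" | tr -d '\n')
  # --arg binds the shell values to jq variables instead of quoting them
  # into the filter text.
  jq --arg key "$key_b64" --arg crt "$crt_b64" \
     '.data["tls.key"] = $key | .data["tls.crt"] = $crt'
}

# Succeeds only if both entries decode to exactly the bytes of the given files.
verify_secret_json() {  # args: <json-file> <key-file> <crt-file>
  jq -r '.data["tls.key"]' "$1" | base64 --decode 2>/dev/null | cmp -s - "$2" &&
  jq -r '.data["tls.crt"]' "$1" | base64 --decode 2>/dev/null | cmp -s - "$3"
}

# Constructed sample data (not real key material) exercising both outcomes.
demo() {
  local d
  d=$(mktemp -d) || return 1
  printf 'constructed-key-bytes\n' > "$d/tls.key"
  printf 'constructed-crt-bytes\n' > "$d/tls.crt"
  printf '%s' '{"apiVersion":"v1","kind":"Secret","metadata":{"name":"production-tls"},"data":{"tls.key":"b2xk","tls.crt":"b2xk"}}' > "$d/old.json"
  update_secret_json "$d/tls.key" "$d/tls.crt" < "$d/old.json" > "$d/new.json"
  # A single-quoted filter naming the shell variable stores the text "$TLS_KEY".
  jq '.data["tls.key"] = "$TLS_KEY"' "$d/old.json" > "$d/bad.json"
  verify_secret_json "$d/new.json" "$d/tls.key" "$d/tls.crt" || { rm -rf "$d"; return 1; }
  if verify_secret_json "$d/bad.json" "$d/tls.key" "$d/tls.crt"; then rm -rf "$d"; return 2; fi
  rm -rf "$d"
}
```

The intermediate file holds key material, so write it somewhere with restrictive permissions and remove it after the apply.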




Answer 4:


For more specific cases you might need to specify the namespace in which the cert needs to be renewed, and delete the old one.

**For deletion of the cert**
kubectl delete secret {your-cert-name} -n {namespace}

**For creation of new cert to specific namespace**
kubectl create secret tls {your-cert-name} --key /etc/certs/{name}.com.key --cert /etc/certs/{name}.com.crt -n {namespace}


Source: https://stackoverflow.com/questions/45879498/how-can-i-update-a-secret-on-kubernetes-when-it-is-generated-from-a-file
