We’re using secrets to store some sensitive data (namely serviceAccount keys). I was wondering what would happen to pods (or workloads more generally) using those secrets when we rotate our serviceAccount keys. Pulumi would then try to recreate a new secret with new values. Will these be propagated to the workloads using them?
03/22/2022, 9:39 AM
It depends on how your secrets are set up with Pulumi. If they’re recreated on modification, then yes - workloads will be rescheduled with the changes (because the secret name will change).
If not, then the workloads will need to be restarted manually, as configmap and secret changes do not cause a pod to be recreated.