Kubernetes: Delete secret from pod
Solution 1
The way you should handle this the Kubernetes way is:
kubectl delete secret <<secret name goes here>>
Solution 2
You cannot delete a secret from a pod, as it is mapped as a volume. Even if you managed to delete it, it would be recreated. So if you want to remove the secret from the pod, change the pod spec and delete that secret conf from the spec itself.
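A pod spec for the use case raised in the comments (read the secret once, then remove the file), shown as an added example that is not part of the original answers. The app container never mounts the Secret volume; an init container copies the file into a writable, memory-backed emptyDir that the app can delete from. The names `myapp`, `mysecret`, `stage-secret`, the images and the mount paths are assumptions.

```yaml
# Added example, not from the original page. All names, images and
# paths below are placeholders chosen for illustration.
apiVersion: v1
kind: Pod
metadata:
  name: myapp
spec:
  volumes:
    - name: secret-src            # Secret volume: mounted read-only, managed by the kubelet
      secret:
        secretName: mysecret
    - name: secret-scratch        # writable, RAM-backed, removed when the pod goes away
      emptyDir:
        medium: Memory
  initContainers:
    - name: stage-secret          # runs to completion before the app container starts
      image: busybox:1.36
      command: ["sh", "-c", "cp /src/mysecret.json /scratch/mysecret.json"]
      volumeMounts:
        - name: secret-src
          mountPath: /src
          readOnly: true
        - name: secret-scratch
          mountPath: /scratch
  containers:
    - name: app
      image: registry.example.com/myapp:1.0   # placeholder image
      # The application loads /secret/mysecret.json at startup and then
      # deletes it. The delete succeeds because /secret is the emptyDir,
      # not the Secret volume, which is not mounted in this container.
      volumeMounts:
        - name: secret-scratch
          mountPath: /secret
```

The Secret object itself still exists in the cluster and stays readable to anyone with API access to it; this layout only removes the file copy from the running application container. If the container restarts, the file is not re-staged, because init containers run again only when the whole pod is restarted.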
Author: No1Lives4Ever
Updated on June 04, 2022
Comments
-
No1Lives4Ever almost 2 years
I have a pod running my application. The pod also contains my secret. The secret is mapped to /secret/mysecret.json. I am connecting to my pod with ssh and trying to remove the secret from this pod instance:
rm /secret/mysecret.json
I am getting the error:
rm: cannot remove 'mysecret.json': Read-only file system
According to this article, I tried to change the readOnly setting to False. No success. I also tried to unmount it and got errors:
$ umount /secret/mysecret.json
umount: /app/secrets/app-specific: must be superuser to unmount
How can I delete the secret from a pod?
-
No1Lives4Ever over 5 years
Thanks for the answer. It sounds weird that those files cannot be deleted without removing them from the YAML file. So, why is the readOnly option mentioned there?
-
No1Lives4Ever over 5 years
This will remove the secret from the cluster. I'm looking to remove the secret file from the pod instance (after loading and reading the secret).
-
Raunak Jhawar over 5 years
There is no concept of deleting or unmounting an artifact once deployed (and yet allowing it to be running or hosted) on a k8s cluster. Why is this even a requirement?
-
Rajesh Deshpande over 5 years
The readOnly option is used to make that not changeable. You cannot edit that secret once created. It has nothing to do with delete or remove.
-
No1Lives4Ever over 5 years
After reading the certificate, I don't want to leave them there. I just want to destroy them. It's a security issue.
-
Raunak Jhawar over 5 years
You must understand that pods come and go, just like any other feature of k8s. In the event that pods go away, how will you ensure that the secrets are preserved when they instantiate again!
-
Vlad about 3 years
@RaunakJhawar You did not get the point. The ability to delete secrets can seriously increase the security of a containerized application, to store secrets only in the memory of the application, not in the environment or files since they do need after container start.