How can a sidecar restart the app container or its own pod?

I want to have a sidecar manage secret rotation, which requires the app container to restart in order to force it to pick up the updated credentials.

How can a sidecar force a container within the same pod to restart or the whole pod to restart?

Detailed explanation:

  • Services of different tech stacks need to start using secrets. Secrets can either be injected via CI/CD or fetched at runtime from AWS Secrets Manager.
  • Secrets need to be rotated every 3 months for security compliance reasons.
  • Secrets are only used once at startup to create the related client. Since they are not used continuously, they are not naturally refreshed if updated at source storage.
  • To minimise per-service development time, custom logic within each service to refresh the secrets should be avoided or minimised.


Solution 1:[1]

There is a pattern to rotate secrets without needing to restart containers if you are running apps in EKS or ECS.

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/rotate-credentials-without-restarting-containers.html
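
The answer above avoids the restart entirely; for the route the question actually asks about, here is an added example (not code from the original post or from the linked AWS pattern) of a sidecar that detects a changed file-mounted secret and then restarts the whole pod by deleting it through the Kubernetes API. It assumes the secret is mounted as files under a directory (a Kubernetes Secret volume, or a Secrets Manager sync agent writing into a shared emptyDir), that `POD_NAME` and `POD_NAMESPACE` are injected via the downward API, that the pod's ServiceAccount is bound to a Role allowing `delete` on `pods`, and that a Deployment or ReplicaSet recreates the pod after deletion. The directory, environment variable and function names are this example's own choices.

```python
"""Sidecar that restarts its own pod when a file-mounted secret changes.

Added example, not code from the original post. Assumptions: the secret is
mounted as files under SECRET_DIR (a Kubernetes Secret volume or a sync agent
writing into a shared emptyDir); POD_NAME / POD_NAMESPACE come from the
downward API; the pod's ServiceAccount is bound to a Role allowing 'delete'
on pods; a Deployment or ReplicaSet recreates the pod once it is deleted.
"""
import hashlib
import json
import os
import ssl
import time
import urllib.request
from pathlib import Path

# Standard in-cluster service-account mount: token, ca.crt, namespace.
SA_DIR = Path("/var/run/secrets/kubernetes.io/serviceaccount")
API_HOST = "kubernetes.default.svc"


def fingerprint(secret_dir: str) -> str:
    """SHA-256 over the (key, value) pairs of a file-mounted secret.

    A Secret volume holds one symlink per key plus '..data' and '..<timestamp>'
    directories the kubelet uses for atomic updates; only the key entries are
    hashed, in sorted order, so the digest is stable until a value changes.
    """
    root = Path(secret_dir)
    digest = hashlib.sha256()
    for entry in sorted(root.iterdir()):
        if entry.name.startswith("..") or not entry.is_file():  # is_file follows symlinks
            continue
        digest.update(entry.name.encode())
        digest.update(b"\0")
        digest.update(entry.read_bytes())
        digest.update(b"\0")
    return digest.hexdigest()


class RotationWatcher:
    """Remembers the fingerprint present when the pod started and reports drift."""

    def __init__(self, secret_dir: str):
        self.secret_dir = secret_dir
        self.baseline = fingerprint(secret_dir)

    def changed(self) -> bool:
        return fingerprint(self.secret_dir) != self.baseline


def check_once(watcher: RotationWatcher, on_rotate) -> bool:
    """Run one poll; call on_rotate() and return True if the secret changed."""
    if not watcher.changed():
        return False
    on_rotate()
    return True


def self_delete_request(namespace: str, pod_name: str, token: str,
                        host: str = API_HOST) -> urllib.request.Request:
    """Build DELETE /api/v1/namespaces/{ns}/pods/{name} for this pod.

    The DeleteOptions body asks for a 30 s grace period so the app container
    receives SIGTERM and can drain before the ReplicaSet's replacement takes over.
    """
    url = f"https://{host}/api/v1/namespaces/{namespace}/pods/{pod_name}"
    body = json.dumps({"apiVersion": "v1", "kind": "DeleteOptions",
                       "gracePeriodSeconds": 30}).encode()
    return urllib.request.Request(
        url, data=body, method="DELETE",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json",
                 "Accept": "application/json"},
    )


def delete_own_pod() -> int:
    """Send the self-delete using the mounted SA token and cluster CA; returns the HTTP status."""
    namespace = os.environ.get("POD_NAMESPACE") or (SA_DIR / "namespace").read_text().strip()
    pod_name = os.environ["POD_NAME"]  # downward API: fieldRef metadata.name
    token = (SA_DIR / "token").read_text().strip()
    ctx = ssl.create_default_context(cafile=str(SA_DIR / "ca.crt"))
    req = self_delete_request(namespace, pod_name, token)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    secret_dir = os.environ.get("SECRET_DIR", "/etc/app-secrets")  # assumed mount path
    interval = int(os.environ.get("POLL_SECONDS", "60"))
    watcher = RotationWatcher(secret_dir)
    while not check_once(watcher, delete_own_pod):
        time.sleep(interval)
    # Once the delete is accepted the kubelet terminates this container too.
```

Two caveats a practitioner should weigh. The Role needed here (`delete` on `pods`) cannot be pinned with `resourceNames` because ReplicaSet pod names are generated, so a compromised sidecar could delete any pod in the namespace; keep that ServiceAccount dedicated to this workload and keep the workload in its own namespace. Deleting a pod from inside it is not an eviction, so a PodDisruptionBudget does not protect you; run more than one replica and add jitter to the poll interval so replicas do not all restart in the same minute after a rotation. If you would rather restart only the app container, the alternative is `shareProcessNamespace: true` on the pod and signalling the app's main process from the sidecar, at the cost of exposing each container's `/proc` to the others.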

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Manmohan Mittal