I am trying to setup google kubernetes engine and its pods has to communicate with cloud sql database. The cloud sql database credentials stored on google cloud secret manger. How pods will fetch credentials from secret manager and if secret manager credentials updated how pod will get update the new secret.
How to setup above requirement. Can you someone please help on the same.
Thanks, Anand
CodePudding user response:
You can make your deployed application get the secret (password) programmatically, from Google Cloud Secret Manager. You can find and example in many languages in the following link: https://cloud.google.com/secret-manager/docs/samples/secretmanager-access-secret-version
But before make sure that your GKE setup, more specifically your application is able to authenticate to Google Cloud Secret Manager. The following links can help you to choose the appropriate approche:
- https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform
- https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
CodePudding user response:
You can find information regarding that particular solution in this doc.
There are also good examples on medium here and here.
To answer your question regarding updating the secrets:
Usually secrets are pulled when the container is being created, but if you expect the credentials to change often (or for the pods to stick around for very long) you can adjust the code to update the secrets on every execution.