Does CyberArk offer a robust solution for applications in a Kubernetes environment that requires updating secrets in the Kubernetes secrets resource? With CyberArk Conjur, organizations can seamlessly manage secrets within their Kubernetes clusters, eliminating the need to retrieve secrets from the DAP token in the mount point (Kubernetes authenticator using sidecar).
Have you tried this?
Hi Piyush - Yes, I tried, but I noticed that after password rotation, it is not retrieving the latest secrets. It appears that the cyberark-secrets-provider-for-k8s is functioning as an init container and is not dynamically fetching the secrets.
In the Kubernetes authenticator client, the sidecar offers dynamic fetching of secrets, but it operates based on token-based retrieval of secrets.
Hi Phani,
Yes, you are right. Did you try a Cron Job to fetch the secrets periodically?
Job with name: secrets-provider
use service account
load the container image - …/secrets-provider-for-k8s…
…
…
mapping with config map
Hi,
The only way to get the secrets updated through secrets-for-k8s is to schedule fetching the secrets through a cron job. Don't forget that in the case of batch retrievals, all the secret values will be wiped and recreated in the namespace every time.
Kr,
Gautam
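
The scheduled approach suggested in the replies above, sketched as a Kubernetes CronJob manifest. This is an added example, not a configuration posted by anyone in the thread; the namespace, service account, ConfigMap and Secret names, the schedule and the image reference are placeholders, and the environment variable names are assumed from the Secrets Provider's environment-based configuration, so verify them against the version you deploy.

```yaml
# Added example. Names, schedule and image are placeholders or assumptions.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: secrets-provider
  namespace: app-ns                      # hypothetical namespace
spec:
  schedule: "*/15 * * * *"               # constructed interval; align with the rotation policy
  concurrencyPolicy: Forbid              # never let two refresh runs overlap
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 3              # keep failed runs visible for troubleshooting
  jobTemplate:
    spec:
      backoffLimit: 2
      template:
        spec:
          # Hypothetical service account. Scope its Role to get/update on the
          # listed Secrets only, not to every Secret in the namespace.
          serviceAccountName: secrets-provider-sa
          restartPolicy: Never
          containers:
            - name: secrets-provider
              image: <registry>/secrets-provider-for-k8s:<tag>   # placeholder
              envFrom:
                - configMapRef:
                    name: conjur-connect   # hypothetical ConfigMap with the Conjur connection settings
              env:
                - name: MY_POD_NAME
                  valueFrom: {fieldRef: {fieldPath: metadata.name}}
                - name: MY_POD_NAMESPACE
                  valueFrom: {fieldRef: {fieldPath: metadata.namespace}}
                - name: CONTAINER_MODE          # assumed: run once and exit, not as an init container
                  value: application
                - name: SECRETS_DESTINATION     # assumed: write into Kubernetes Secret objects
                  value: k8s_secrets
                - name: K8S_SECRETS             # assumed: comma-separated Secret names to populate
                  value: app-db-credentials     # hypothetical Secret name
                - name: CONJUR_AUTHN_LOGIN
                  value: host/<policy-path>/secrets-provider   # placeholder host identity
```

A refreshed Secret reaches running pods only through volume mounts; containers that read it as an environment variable keep the old value until they restart. Because each run rewrites the listed Secrets, keep the schedule no tighter than the rotation interval needs.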