I'm trying to clean up some leftover data from a failed deployment of RabbitMQ. As such, I have 3 secrets that were being used by rabbit services that never fully started. Whenever I try to delete these using kubectl delete secret, they get recreated with a similar name instantly (even when using --force).
I do not see any services or pods that are using these secrets, so there shouldn't be any reason they are persisting.
Example of what happens when I delete:
Kubernetes Secrets are, by default, stored unencrypted in the API server's underlying data store (etcd). Anyone with API access can retrieve or modify a Secret, and so can anyone with access to etcd.
It removes the Pod in the API immediately so a new Pod can be created with the same name. On the node, Pods that are set to terminate immediately will still be given a small grace period before being force killed.
Using Immutable Secrets
Kubernetes provides an option to set individual Secrets as immutable.
The reason they wouldn't delete is because they were associated with a service account.
I found this by looking at their YAML files, which mentioned they were for a service account.
I then ran
kubectl get serviceaccounts
which returned a list of accounts that had identical names. After running
kubectl delete serviceaccounts <accountName>
the secrets removed themselves.
However, if they do not, you can still get and delete them with
kubectl get secrets
kubectl delete secret <secret name>
If you do not see the item in question, you may want to append --all-namespaces to see "all" of them, as by default it looks at the top level of your Kubernetes environment.
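The check described in the answer above (reading a Secret's YAML to see that it belongs to a service account) can be run over the JSON from kubectl get secrets -o json and kubectl get serviceaccounts -o json. This is an added example, not part of the original answer; the sample JSON and every name in it are constructed.

```python
import json

SA_TOKEN_TYPE = "kubernetes.io/service-account-token"
SA_NAME_ANNOTATION = "kubernetes.io/service-account.name"

# Constructed sample data shaped like `kubectl get secrets -o json` and
# `kubectl get serviceaccounts -o json`; all names are made up.
SECRETS_JSON = """{"items": [
 {"type": "kubernetes.io/service-account-token",
  "metadata": {"name": "rabbit-token-x7k2p", "namespace": "default",
               "annotations": {"kubernetes.io/service-account.name": "rabbit"}}},
 {"type": "kubernetes.io/service-account-token",
  "metadata": {"name": "old-token-9fd3c", "namespace": "default",
               "annotations": {"kubernetes.io/service-account.name": "old"}}},
 {"type": "Opaque",
  "metadata": {"name": "rabbit-erlang-cookie", "namespace": "default"}}
]}"""
SERVICEACCOUNTS_JSON = """{"items": [
 {"metadata": {"name": "default", "namespace": "default"}},
 {"metadata": {"name": "rabbit", "namespace": "default"}}
]}"""


def classify_secrets(secrets_json, serviceaccounts_json):
    """Return (namespace, secret, owning service account or None, status) rows."""
    accounts = {(sa["metadata"].get("namespace"), sa["metadata"]["name"])
                for sa in json.loads(serviceaccounts_json)["items"]}
    rows = []
    for secret in json.loads(secrets_json)["items"]:
        meta = secret["metadata"]
        ns, name = meta.get("namespace"), meta["name"]
        if secret.get("type") != SA_TOKEN_TYPE:
            rows.append((ns, name, None, "not-a-token"))
            continue
        owner = (meta.get("annotations") or {}).get(SA_NAME_ANNOTATION)
        # Owner still present: the token belongs to a live service account,
        # which is the case the answer resolved by deleting the account.
        status = "owner-exists" if (ns, owner) in accounts else "owner-missing"
        rows.append((ns, name, owner, status))
    return rows


if __name__ == "__main__":
    for ns, name, owner, status in classify_secrets(SECRETS_JSON, SERVICEACCOUNTS_JSON):
        print(f"{ns}/{name}: {status}" + (f" (service account {owner})" if owner else ""))
```

Secrets reported as owner-exists are the ones tied to a service account that is still present; not-a-token Secrets are ordinary Secrets with no service account behind them.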