Inject sidcar on demand

Is any option to inject and detach sidecar to running pod on demand ?
Other wise any option to update pod local file (example /root/credentials) in runtime ?

No, if you modify the pod spec a new pod is created. It can’t be done on a running pod.

Not sure I understand what your update process is, a secret or configmap can be modified and, if mounted as a volume, the content will be updated. You just need your app to re-read it.

Will that work for you?

Hi @rata,

We want to inject the password/credentials into pod from outside, but we don’t want to use secrets/configmap.
During the pod startup we can use init container, but in case password change how to inject new password.
From the container we can exit with non zero but during the container restart init container won’t run.

Oh, I see. A usual work around is to use some annotation with a hash value or something, that you just change when changing the password. That way, you force a deploy.

But doing a deploy won’t work for you?

Another option I see (thinking out loud, so might not be the best) is just having a sidecar container that sortes the password in a shared volume (emptyDir, for example, that can be in RAM) and the other container reads it.

To handle undated the sidecar container just updates the file and then the main container can re-read it (using inotify for triggering the read or some other way you consider).

Would that work?