borntyping

Can you use a Kubernetes secret from another namespace?

20 Aug 2024

Yes, and no:

A Pod can only reference a Secret in the same namespace1.

This means a Pod manifest can only use Secrets from the same namespace, whether it’s used for environment variables, mounting files, or configuring credentials for a container image registry.

RBAC can allow a ServiceAccount access to Secrets in other namespaces2.

This means an API request made from a Pod running in one namespace can access Secrets in another namespace.

  1. See imagePullReference and envFrom in the Pod API spec. 

  2. Which is how operators that manage secrets across multiple namespaces work. 

Recent Posts