Support watching K8s secrets to change properties without restart #680

Open
mhartmann-jaconi opened this issue Feb 21, 2024 · 3 comments

@mhartmann-jaconi

Feature description

Feature Request
Support for a watch mechanism for K8s secrets, read via the K8s API, so that secret content is stored as a property source in the application context without a server restart.

Current State
From this documentation I get the impression (and my tests seem to prove that) that only ConfigMaps can be watched to dynamically (without restart) provide configuration as a property source in the application context.

My Use Case
I have an application which makes OAuth-secured calls to other backend services in the context of a "tenant" (a Keycloak realm), of which we have several. To achieve that, we need a client-id/-secret per tenant in the application context.
From time to time, new Keycloak realms are added, and new client credentials are generated and reflected as K8s secrets automatically (initiated by a different team).
As a service owner I don't want to take manual action (restarting the service) when a new K8s secret appears; I just want the application to handle that by itself (e.g. via K8s-api 'watch').

@alvarosanchez
Member

Secrets are supported too: https://github.com/micronaut-projects/micronaut-kubernetes/blob/master/src/main/docs/guide/config-client.adoc#secrets

Note that you need to explicitly enable it (and give your deployment secret read permissions).

Please give it a try.

@alvarosanchez closed this as not planned on Feb 21, 2024
@mhartmann-jaconi
Author

I already tried the same approach as for ConfigMaps:

micronaut:
  config-client:
    enabled: true

kubernetes:
  client:
    secrets:
      enabled: true
      watch: true
      labels:
        - app: keycloak

But unfortunately this doesn't seem to work. I need to restart the service to make it aware of new secrets.

@alvarosanchez
Member

alvarosanchez commented Feb 21, 2024

My apologies, secrets watching is indeed not supported, but it is a legitimate ask. Reopening this.

@alvarosanchez reopened this on Feb 21, 2024