Is there a way to create a Kubernetes Secret subdirectory?

Tags:

kubernetes

Kubernetes Secrets create files that are mounted as a volumeMount.

There is a possibility to put multiple files in a single Secret.

Is there a way to create a Secret that would put files in a directory structure (i.e. in a folder)?

There is no sign of it in the docs, and using / is not allowed in the key name, so it seems like it is not possible (except for making multiple secrets and mounting them in different volumes).

Does anyone know better?

MrE asked Jan 21 '16 22:01




1 Answer

This is actually possible now: You need to use the items field to project the key/value pairs in the secret to specific paths that you want. See the example in the section titled "Projection of secret keys to specific paths" in the secrets documentation, which I've linked and copied below: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: my-group/my-username

This will place the secret with key "username" at the path /my_secret_volume/my-group/my-username

Evan Jones answered Oct 02 '22 14:10
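The items projection from the answer above, extended to several keys in one Secret, as an added example that is not part of the original answer or the Kubernetes docs. The names app-secrets, demo and creds, the key names, the paths and the placeholder values are all hypothetical. Each path is relative to the volume's mountPath, must not be absolute and must not contain "..".

```yaml
# Added example: one Secret, several keys, projected into a directory tree.
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
stringData:                      # constructed placeholder values
  tls.crt: "PLACEHOLDER-CERT"
  tls.key: "PLACEHOLDER-KEY"
  db-password: "PLACEHOLDER-PASSWORD"
  unused: "not listed under items, so it is never written to the volume"
---
apiVersion: v1
kind: Pod
metadata:
  name: demo
spec:
  containers:
  - name: demo
    image: redis
    volumeMounts:
    - name: creds
      mountPath: "/etc/creds"
      readOnly: true
  volumes:
  - name: creds
    secret:
      secretName: app-secrets
      defaultMode: 0440          # applies to files that set no mode of their own
      items:                     # once items is set, only the listed keys are projected
      - key: tls.crt
        path: tls/server.crt     # -> /etc/creds/tls/server.crt
      - key: tls.key
        path: tls/server.key     # -> /etc/creds/tls/server.key
        mode: 0400               # tighter per-file permission for the private key
      - key: db-password
        path: db/password        # -> /etc/creds/db/password
```

Because only keys named under items reach the filesystem, this also limits which parts of a shared Secret a given container can read from the mount.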