Kubernetes Secrets create files that are mounted as a volumeMount.
It is possible to put multiple files in a single Secret.
Is there a way to create a Secret that would put files in a directory structure (i.e. in a folder)?
There is no sign of it in the docs, and using / is not allowed in the key name, so it seems like it is not possible (except for making multiple secrets and mounting them in different volumes).
Does anyone know better?
A secret can be used with a pod in three ways: to populate environment variables for containers; as files in a volume mounted on one or more of its containers; by kubelet when pulling images for the pod.
A common approach to getting more secure secret management on Kubernetes is to introduce an external secret management solution, such as HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, or Google Secret Manager.
The kubectl create secret command packages these files into a Secret and creates the object on the API server. You do not need to escape special characters in password strings that you include in a file. You can also provide Secret data using the --from-literal=<key>=<value> tag.
This is actually possible now: you need to use the items field to project the key/value pairs in the secret to specific paths that you want. See the example in the section titled "Projection of secret keys to specific paths" in the secrets documentation, which I've linked and copied below: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: my-group/my-username
This will place the secret with key "username" at the path /my_secret_volume/my-group/my-username
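An added example, not part of the original answer and not Kubernetes' own code: a small Python model of how a secret volume lays out files, following the documented rules that Secret keys may contain only alphanumerics, '-', '_' and '.', that an items path must be relative without '..', and that keys not listed in items are not projected. The function name and the sample keys password and ca.crt with their paths are assumptions; files resolve under the volume's mountPath (/etc/foo in the manifest above).

```python
import posixpath
import re

# Documented constraint: Secret keys may use only alphanumerics, '-', '_', '.'.
# That is why a '/' in the key name is rejected, while items[].path may have one.
KEY_RE = re.compile(r"^[-._a-zA-Z0-9]+$")


def projected_layout(mount_path, secret_keys, items=None):
    """Return {absolute file path: secret key} for a secret volume (model only)."""
    for key in secret_keys:
        if not KEY_RE.match(key):
            raise ValueError(f"invalid Secret key {key!r}")
    if items is None:
        # No items list: every key becomes a flat file named after the key.
        return {posixpath.join(mount_path, k): k for k in secret_keys}
    layout = {}
    for item in items:
        key, path = item["key"], item["path"]
        if key not in secret_keys:
            # A listed key missing from the Secret fails volume setup
            # (unless the volume is marked optional, which is not modelled here).
            raise ValueError(f"key {key!r} is not in the Secret")
        # Paths must stay inside the mount: relative, no '..' element or prefix.
        if posixpath.isabs(path) or path.startswith("..") or ".." in path.split("/"):
            raise ValueError(f"path {path!r} must be relative without '..'")
        layout[posixpath.join(mount_path, path)] = key
    # Keys not listed in items are not projected at all.
    return layout


# Constructed sample: key names and paths are illustrative.
KEYS = ["username", "password", "ca.crt"]
ITEMS = [
    {"key": "username", "path": "my-group/my-username"},
    {"key": "password", "path": "my-group/my-password"},
    {"key": "ca.crt", "path": "tls/ca.crt"},
]

if __name__ == "__main__":
    for path, key in projected_layout("/etc/foo", KEYS, ITEMS).items():
        print(f"{path}  <-  {key}")
```

Listing only some keys in items is also a way to keep the remaining keys of a shared Secret out of a container's filesystem.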