I have the following yaml:

```yaml
volumeMounts:
  - name: app-secret
    mountPath: /app
    readOnly: true
volumes:
  - name: app-secret
    secret:
      secretName: app-secret
      items:
        - key: app-secret.json
          path: appsettings.secret.json
```

I expect the secret is mounted on `/app/appsettings.secret.json` but it isn't. I don't know where it is mounted and the container crashes and I don't have a chance to `kubectl exec` into the container to inspect where the secret is mounted. My guess is that it wipes out the content of `/app`. Any advice and insight is appreciated.
Secret files permissions: if you don't specify any permissions, 0644 is used by default. You can also set a default mode for the entire Secret volume and override per key if needed. The secret is mounted on /etc/foo; all the files created by the secret volume mount have permission 0400.
By default, data in Kubernetes secrets is stored in Base64 encoding, which is practically the same as plaintext. However, secrets give you more control over access and usage of passwords, keys, etc. Kubernetes can either mount secrets separately from the pods that use them, or save them as environment variables.
Create Kubernetes Secrets: to create a Kubernetes secret, apply one of the following methods: use kubectl for a command-line based approach; create a configuration file for the secret; or use a generator, such as Kustomize, to generate the secret.
When using definition files, you can add the data in a base64 encoded format or plain text form. Kubernetes encodes the Secret data in base64 format. When you need to reveal a Secret text, you must base64-decode it. To enable containers to access Secrets, you have the option to mount the Secret as a volume.
This works:

```yaml
volumeMounts:
  - name: app-secret
    mountPath: /app/appsettings.secret.json
    subPath: appsettings.secret.json
    readOnly: true
volumes:
  - name: app-secret
    secret:
      secretName: app-secret
      items:
        - key: app-secret.json
          path: appsettings.secret.json
```
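A volume mounted on a directory hides whatever the image already had there, which is why the first manifest crashes the container and the `subPath` version does not. The check below is an added example, not code from the original post: it flags Secret volumes mounted whole onto a container's `workingDir` or one of its parents. The container names, image name, `workingDir` value and the function name `shadowing_mounts` are assumptions made for the illustration.

```python
import json
from pathlib import PurePosixPath

# Constructed Pod spec (JSON form of a manifest). The two containers carry the
# question's mount ("before") and the answer's mount ("after"); image and
# workingDir are assumed values.
POD = json.loads("""
{
  "spec": {
    "containers": [
      {"name": "before", "image": "example/app:1", "workingDir": "/app",
       "volumeMounts": [{"name": "app-secret", "mountPath": "/app", "readOnly": true}]},
      {"name": "after", "image": "example/app:1", "workingDir": "/app",
       "volumeMounts": [{"name": "app-secret",
                         "mountPath": "/app/appsettings.secret.json",
                         "subPath": "appsettings.secret.json", "readOnly": true}]}
    ],
    "volumes": [{"name": "app-secret", "secret": {"secretName": "app-secret",
      "items": [{"key": "app-secret.json", "path": "appsettings.secret.json"}]}}]
  }
}
""")

def shadowing_mounts(pod, app_dirs=()):
    """Return (container, mountPath) for whole-volume Secret mounts that hide an app directory."""
    spec = pod["spec"]
    secret_vols = {v["name"] for v in spec.get("volumes", []) if "secret" in v}
    findings = []
    for c in spec.get("containers", []):
        # Directories holding image content: workingDir plus any caller-supplied paths.
        protected = [PurePosixPath(p) for p in (c.get("workingDir"), *app_dirs) if p]
        for m in c.get("volumeMounts", []):
            if m["name"] not in secret_vols or m.get("subPath"):
                continue  # a subPath mount places one file and leaves the directory alone
            mount = PurePosixPath(m["mountPath"])
            # The mount hides a directory when it is that directory or one of its parents.
            if any(mount == d or mount in d.parents for d in protected):
                findings.append((c["name"], m["mountPath"]))
    return findings

if __name__ == "__main__":
    for name, path in shadowing_mounts(POD):
        print(f"{name}: Secret volume mounted over {path} hides the image's files there")
```

One trade-off of the `subPath` form: a container that mounts a Secret through `subPath` does not receive updates when the Secret changes, so a rotated value needs a pod restart to take effect.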