Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

kubernetes secret items not mounted as file path

Tags:

kubernetes

mount-point

kubernetes-secrets

app-secret

I have the following yaml:

        volumeMounts:
        - name: app-secret
          mountPath: /app
          readOnly: true
      volumes:
      - name: app-secret
        secret:
          secretName: app-secret
          items:
          - key: app-secret.json
            path: appsettings.secret.json

I expect the secret is mounted on /app/appsettings.secret.json but it isn't. I don't know where it is mounted and the container crashes and I don't have a chance to kubectl exec into the container to inspect where the secret is mounted. My guess is that it wipes out the content of /app. Any advice and insight is appreciated.

like image 594
Kok How Teh Avatar asked Jul 19 '19 02:07

Kok How Teh

People also ask

Where do I mount secrets Kubernetes?

Secret files permissions If you don't specify any permissions, 0644 is used by default. You can also set a default mode for the entire Secret volume and override per key if needed. The secret is mounted on /etc/foo ; all the files created by the secret volume mount have permission 0400 .

How are Kubernetes secrets stored inside a container?

By default, data in Kubernetes secrets is stored in Base64 encoding, which is practically the same as plaintext. However, secrets give you more control over access and usage of passwords, keys, etc. Kubernetes can either mount secrets separately from the pods that use them, or save them as environment variables.

How do I make Kubernetes secrets from a file?

Create Kubernetes Secrets To create a Kubernetes secret, apply one of the following methods: Use kubectl for a command-line based approach. Create a configuration file for the secret. Use a generator, such as Kustomize to generate the secret.

Which file system do Secrets use in Kubernetes?

When using definition files, you can add the data in a base64 encoded format or plain text form. Kubernetes encodes the Secret data in base64 format. When you need to reveal a Secret text, you must base64-decode it. To enable containers to access Secrets, you have the option to mount the Secret as a volume.

1 Answers

This works:

 volumeMounts:
        - name: app-secret
          mountPath: /app/appsettings.secret.json
          subPath: appsettings.secret.json
          readOnly: true
      volumes:
      - name: app-secret
        secret:
          secretName: app-secret
          items:
          - key: app-secret.json
            path: appsettings.secret.json
like image 139
Kok How Teh Avatar answered Oct 19 '22 21:10

Kok How Teh
Sign in to Comment

Related questions

Kubernetes- Tolerations : node.kubernetes.io/unreachable:NoExecute for 300s
How to attach ACR from different Subscription to AKS? [closed]
Why can you set multiple accessModes on a persistent volume?
how can I create a service account for all namespaces in a kubernetes cluster?
Pod unable to install packages(apt-get update or apt-get install )
Why do I need save-config with kubctl apply?
How to communicate between containers in same POD in Kubernetes?
How to install a CA in Minikube so image pulls are trusted
Parse nginx ingress logs in fluentd
Using standalone 'gsutil' from within GKE
Detect Google Cloud Project Id from a container in Google hosted Kubernetes cluster
Kubernetes NetworkPolicy allow loadbalancer
How to save generated kube config to .kube/config
Analyze Kubernetes pod OOMKilled
Kubernetes ExternalName service does not resolve
how to write multi-line value in ksonnet/jsonnet
Helm Deployment vs Service
How to recycle pods in Kubernetes
Parse a nested variable from YAML file in bash
How can I get a list of all namespaces within a specific Kubernetes cluster, using the Kubernetes API?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!