Mounting entire volumes as secrets in kubernetes

Question

I am running locally a container as follows:

docker run --rm \
  --name=my-container \
  --net=host \
  -v $(pwd)/producer.properties:/etc/replicator/producer.properties \
  -v $(pwd)/consumer.properties:/etc/replicator/consumer.properties \
  -v $(pwd)/service-keystore.jks:/etc/replicator/destination.keystore.jks \
  -v $(pwd)/service-truststore.jks:/etc/replicator/destination.truststore.jks \
  repo/image

The problem is that all files mounted as volumes contain sensitive data.

I am trying to port the above to kubernetes

How can I mount the files, and treat them as secrets at the same time?

Arghya Sadhu · Accepted Answer · 2020-06-26T09:58:55.577

3

Create a secret resource from the files with name secretname(example) and mount the secret into the container directly as below

spec:
  volumes:
  - name: secret-volume
    secret:
      secretName: secretname
  containers:
  - name: containername
    image: imagename
    volumeMounts:
    - name: secret-volume
      readOnly: true
      mountPath: "/etc/secret-volume"

edited Jun 26 '20 at 09:58

answered Jun 26 '20 at 09:40

Arghya Sadhu

41,002
9
78
107

I assume the secret should be created from my files containing sensitive data, right? – pkaramol Jun 26 '20 at 09:56
yes refer https://kubernetes.io/docs/concepts/configuration/secret/#generating-a-secret-from-files – Arghya Sadhu Jun 26 '20 at 09:57

Mounting entire volumes as secrets in kubernetes

1 Answers1