In kubernetes POD I have an option to mount a secret or a configmap as a volume mounted to the POD. It would be difficult to access these files as environment variables. So why should I be doing it instead of using them as environment variables?
Asked
Active
Viewed 653 times
2 Answers
2
This depends on how the application expect to load the secret.
E.g. if the application expect to load an SSL certificate file, it is possible to have the certificated as a file in a Secret and mount the Secret so that the application can read it as file.
Jonas
- 121,568
- 97
- 310
- 388
1
You don't have to always mount the secret or configmap. You can use them too set the environment variables as shown below
envFrom: - configMapRef: name: env-configmap - secretRef: name: env-secrets
However, there are situations when you might want to mount them as files. For example:
- You want to keep your nginx.conf decoupled from your docker image.
- Put your SSL Certs (cert + private keys) in secret to enable SSL on your web application
Rakesh Gupta
- 3,507
- 3
- 18
- 24