Can a single Secret be represented as a single file?

4/19/2017

I am new to Kubernetes (aren't we all?).

Can a Secret, consisting of course of keys and values, be represented as a single file when used by a container?

I understand that normally a Secret, when mounted by a container, is essentially a directory. I was wondering if there was some syntactic sugar or other construct that I'm missing that could represent it as, say, a Java Properties file, whose keys would be the secret's keys, and whose values would be the secret's values.

-- Laird Nelson
kubernetes

2 Answers

10/30/2018

For others visiting, this is now possible using the stringData field of a Secret definition.

So for this example, I have a secret called environment-secrets. This secret contains a single key called env.yml, which is itself a YAML file containing a number of key=value pairings. I want to mount this secret onto my pods at /credentials/env/env.yml.

Firstly I define the object definition for the secret as follows in a file called environment-secret.yml:

kind: Secret
apiVersion: v1
metadata:
  name: environment-secret
type: Opaque
stringData:
  env.yml: |-
    db_host=my-db.host
    db_user=db-user
    db_password=db-pass

I then create the secret using kubectl create -f environment-secret.yml. Upon creation, the values in the env.yml stringData field are converted into an env.yml entry in the data field of the secret.

Next I update my PodSpec to mount the secret at my desired location. So I firstly define the secret as a volume:

volumes:
  - name: environment-secret
    secret:
      optional: false
      secretName: environment-secret

And then update the mountPoints to mount this secret at my preferred location within my containers:

volumeMounts:
- mountPath: /credentials/env
  name: environment-secret

After this I have a file on my container at /credentials/env/env.yml that contains my key=value pairings.

-- Rob Blake
Source: StackOverflow
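
The steps in the answer above, combined into one manifest and hardened. This is an added example, not part of the original answer: the Pod name, container name, image, `readOnly`, `defaultMode` and `items` settings are assumptions layered on the answer's Secret and volume definitions.

```yaml
# Added example. Values marked "assumed" do not come from the original answers.
apiVersion: v1
kind: Secret
metadata:
  name: environment-secret
type: Opaque
stringData:              # write-only convenience field; stored base64-encoded under data
  env.yml: |-
    db_host=my-db.host
    db_user=db-user
    db_password=db-pass
---
apiVersion: v1
kind: Pod
metadata:
  name: env-secret-demo                  # assumed name
spec:
  containers:
    - name: app                          # assumed name
      image: registry.example/app:1.0    # placeholder image
      volumeMounts:
        - name: environment-secret
          mountPath: /credentials/env    # file appears at /credentials/env/env.yml
          readOnly: true                 # assumed: container cannot write to the mount
  volumes:
    - name: environment-secret
      secret:
        secretName: environment-secret
        optional: false                  # Pod will not start if the Secret is missing
        defaultMode: 0400                # assumed: owner read-only instead of the default 0644
        items:                           # assumed: project only this key as a file, so
          - key: env.yml                 # keys added to the Secret later are not exposed
            path: env.yml
```

If the container runs as a non-root user, the file is not readable at 0400 unless the Pod also sets `securityContext.fsGroup` and a group-readable mode such as 0440. The `data` form stored by the API server is only base64-encoded, so anyone who can read the Secret object can recover the values.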

4/19/2017

This is not possible currently. The only way to get around this is to have a key value pair where the value is a base64 encoded JSON object.

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  conf.json: eyJrZXkiOiAidmFsdWUiLCAia2V5MiI6ICJ2YWx1ZTIifQ==

The conf.json value is just:

echo -n '{"key": "value", "key2": "value2"}' | base64

-- iamnat
Source: StackOverflow