I have defined a deployment file:
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: {{ ... }}
      labels:
        app.kubernetes.io/name: {{ ... }}
        helm.sh/chart: {{ ... }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/managed-by: {{ .Release.Service }}
    spec:
      ...
My service implements JWT validation and thus requires a public key. Can I somehow specify in the deployment file to serve a locally generated pub key file to my service?
I ended up using secrets suggested by @Crou to create the key:
    $ kubectl create secret generic pub-key --from-file=./jwt-key.pub
and then mounted it to a volume in my deployment yaml:
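    spec:
      volumes:
      - name: secret
        secret:
          secretName: pub-key
          defaultMode: 256    # decimal 256 = octal 0400 (owner read-only)
      ...
      containers:
      - volumeMounts:         # belongs to the container entry (name, image, ... omitted)
        - name: secret
          readOnly: true
          mountPath: /secret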
and was able to access my key at /secret/jwt-key.pub
You can do it with configmaps. Config maps are resources that are used to deploy single files (basically). I'm currently using one for my cluster's nginx configuration.
In your config file, write the contents of your public key to your data field and then tell your deployment to use that config file and read from it. It's very similar to mounting a volume for a single file only. You may need to update your deployed image to read from the mounted location though.
Search for nginx in kubernetes for examples of how people use configmaps to deploy their configurations (in your case public key) to the clusters.
For testing you can create your config map with this command:

    kubectl create configmap public-conf --from-file=./your-public-key

This will create a configmap called public-conf. You can run kubectl get configmap to see your newly created configmap.
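
The ConfigMap approach described in this answer, written out as manifests. This is an added example, not code from either poster: `public-conf` and `jwt-key.pub` come from the page, while the Deployment name, labels, image and the `/etc/jwt` mount path are hypothetical, and the PEM body is a placeholder to replace with your own key.

```yaml
# Added example. Only public-conf and jwt-key.pub come from the page;
# every other name below is hypothetical.
apiVersion: v1
kind: ConfigMap
metadata:
  name: public-conf
data:
  # The data key becomes the file name inside the mounted directory.
  jwt-key.pub: |
    -----BEGIN PUBLIC KEY-----
    <base64 body of your public key goes here>
    -----END PUBLIC KEY-----
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jwt-service                      # hypothetical
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: jwt-service
  template:
    metadata:
      labels:
        app.kubernetes.io/name: jwt-service
    spec:
      volumes:
        - name: jwt-public-key
          configMap:
            name: public-conf
            # A public key needs no confidentiality, only integrity:
            # readable by any container user, writable by none.
            defaultMode: 0444
      containers:
        - name: jwt-service
          image: registry.example.com/jwt-service:1.0   # hypothetical
          volumeMounts:
            - name: jwt-public-key
              mountPath: /etc/jwt        # key is read from /etc/jwt/jwt-key.pub
              readOnly: true
```

Because whoever can edit this ConfigMap decides which tokens the service accepts, write access to it should be restricted through RBAC just as it would be for a Secret.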