Advantage of using volume secrets over usual volume mounting

3/18/2019

I was wondering if there is any advantage of using secrets over standard file mounting in Kubernetes. I have to provide credentials saved on the host machine to one of the pods, and I just cannot understand what the pros of using them are.

-- Mateusz Stompór
kubernetes
kubernetes-secrets

1 Answer

3/18/2019

The main idea of using secrets is to reduce exposure and make it more secure. They were specifically designed for this. As per the documentation:

  • The data in the secrets is encoded (base64)
  • Secrets can only be referenced from the same namespace
  • A secret is only sent to a node if a pod on that node requires it. It is stored in a tmpfs and not written to disk. Once the pod that is using the secret is gone, the kubelet will delete its local copy of the secret on that node.
  • You can set access rights (e.g. 644)
  • If there are several secrets for several pods on the same node, one pod will not have access to the secrets of another pod, only the one that it asks for
-- Urosh T.
Source: StackOverflow
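
The properties listed in the answer, shown as a manifest. This is an added example, not part of the original question or answer; the names, namespace, image and paths are constructed placeholders. It mounts a Secret as a read-only volume with a restrictive file mode, with the host-file alternative from the question left as a comment for comparison.

```yaml
# Constructed example: every name, path and value below is a placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: app            # only pods in this namespace can reference it
type: Opaque
stringData:                 # the API server stores this base64-encoded under .data
  username: app_user
  password: REPLACE_ME
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0
      volumeMounts:
        - name: creds
          mountPath: /etc/creds
          readOnly: true
  volumes:
    - name: creds
      secret:
        secretName: db-credentials
        defaultMode: 0400   # octal file mode; 0644 is the default when unset
        items:              # project only the keys this pod needs
          - key: password
            path: db-password
    # The host-file alternative from the question, for comparison:
    # the file must already exist on every node the pod can be scheduled to,
    # and it stays on that node's disk after the pod is gone.
    # - name: creds
    #   hostPath:
    #     path: /opt/app/creds
    #     type: Directory
```

With this mount the container reads the password from `/etc/creds/db-password`; the `username` key is not projected because it is not listed under `items`.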