how to make a file accessible to a containers running inside a kubernetes pod on GKE

6/4/2019

Let's say I have a secret file, that I want to be accessible by a docker container that is running inside a pod in the kubernetes cluster. Over time many such new pods will be created on the cluster and they all will require access to that file. So how can I do this?

I was thinking of creating a kubernetes volume, store that secret file into the volume and make volume accessible to containers. But I don't exactly know how to do that, and out of so many volume types available in kubernetes which one to use?

-- Vishal Tewatia
google-kubernetes-engine

1 Answer

6/5/2019

Depending on how large your secret file is, you should consider putting it into a Kubernetes Secret. On many installations, secrets are treated differently by the storage layer (e.g. encrypted at rest) whereas if you use volumes you will need to add any additional protections yourself.

If your file is too large to fit into a secret and you are running on GKE (which you might be based on the question tag), then a GCEPersistentDisk would be a good volume type to use. One neat thing about GCE PDs is that they "can be mounted as read-only by multiple consumers simultaneously" - so you can pre-populate your secret data onto a disk and then mount it (read-only) into all of the pods that need access to the data.

-- Robert Bailey
Source: StackOverflow