I have the following yaml:

    volumeMounts:
    - name: app-secret
      mountPath: /app
      readOnly: true
    volumes:
    - name: app-secret
      secret:
        secretName: app-secret
        items:
        - key: app-secret.json
          path: appsettings.secret.json

I expect the secret is mounted on /app/appsettings.secret.json but it isn't. I don't know where it is mounted and the container crashes and I don't have a chance to kubectl exec into the container to inspect where the secret is mounted. My guess is that it wipes out the content of /app. Any advice and insight is appreciated.
Is it possible for you to share the full yaml to see if it has other issues and because of that it crashes for you?
I've tried this in my environment and it just works fine, please see the attached image.
tested on my env - see the following figure:
This works:

    volumeMounts:
    - name: app-secret
      mountPath: /app/appsettings.secret.json
      subPath: appsettings.secret.json
      readOnly: true
    volumes:
    - name: app-secret
      secret:
        secretName: app-secret
        items:
        - key: app-secret.json
          path: appsettings.secret.json

Yes, your assumption is right. Mounting into the root folder will This is why we usually mount secrets under a different folder, like /senstivie. I never tried @KOk , but it looks interesting - I'll be interested to learn if it worked!
Anyway, if you want to see a real working example - this is the volume mount definition and this is the Dockerfile for an OSS project I built (Kamus, a solution for secrets encryption). It's similar to your use case - dotnet core, with appsettings.secrets.json. Please let me know if it didn't help.
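
A check for the failure discussed in this thread, as an added example that is not part of the original posts: it flags any volume mount whose mountPath is the application directory or one of its parents, because such a mount hides the files the image placed there. The pod spec is a constructed sample in JSON form, the container names and the function name are hypothetical, and `/app` as the image's application directory is an assumption taken from the question.

```python
import json
from pathlib import PurePosixPath

# Constructed sample: one container mounted as in the question (whole
# directory at /app) and one as in the answer (single file via subPath).
POD_SPEC = json.loads("""
{
  "containers": [
    {"name": "question",
     "volumeMounts": [{"name": "app-secret", "mountPath": "/app",
                       "readOnly": true}]},
    {"name": "answer",
     "volumeMounts": [{"name": "app-secret",
                       "mountPath": "/app/appsettings.secret.json",
                       "subPath": "appsettings.secret.json",
                       "readOnly": true}]}
  ],
  "volumes": [
    {"name": "app-secret",
     "secret": {"secretName": "app-secret",
                "items": [{"key": "app-secret.json",
                           "path": "appsettings.secret.json"}]}}
  ]
}
""")

def find_shadowing_mounts(pod_spec, app_dirs):
    """Return (container, mountPath, app_dir) for each mount that lands on,
    or above, a directory the image ships files in."""
    findings = []
    for container in pod_spec.get("containers", []):
        for mount in container.get("volumeMounts", []):
            # A mount replaces whatever the image has at mountPath, with or
            # without subPath, so only the target path matters here.
            mount_path = PurePosixPath(mount["mountPath"])
            for app_dir in map(PurePosixPath, app_dirs):
                if mount_path == app_dir or mount_path in app_dir.parents:
                    findings.append(
                        (container["name"], str(mount_path), str(app_dir)))
    return findings

if __name__ == "__main__":
    # Assumption: /app is where the image keeps its binaries.
    for name, path, app_dir in find_shadowing_mounts(POD_SPEC, ["/app"]):
        print(f"{name}: mount at {path} hides the image's files under {app_dir}")
```

The subPath variant passes this check, but a Secret mounted through subPath does not receive updates when the Secret changes, so the pod has to be restarted after a rotation.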