How to mount the same volume onto all pods in a Kubernetes namespace

2/13/2020

We have a namespace in Kubernetes where I would like some secrets (files like jks, properties, ts, etc.) to be made available to all the containers in all the pods (we have a one JVM per container and one container per pod kind of Deployment).

I have created secrets using kustomization and plan to use them as a volume in the spec of each Deployment and then volumeMount it for the container of this Deployment. I would like to have this volume mounted on each of the containers deployed in our namespace.

I want to know if kustomize (or anything else) can help me mount this volume on all the deployments in this namespace.

I have tried the following patchesStrategicMerge:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: myNamespace
spec:
  template:
    spec:
      imagePullSecrets:
        - name: pull-secret
      containers:
        - volumeMounts:
          - name: secret-files
            mountPath: "/secrets"
            readOnly: true
      volumes:
      - name: secret-files
        secret:
          secretName: mySecrets
          items:
          - key: key1
            path: ...somePath
          - key: key2
            path: ...somePath

It requires a name in the metadata section, which does not help me as all my Deployments have different names.

-- Mukund Jalan
kubectl
kubernetes
kustomize

3 Answers

2/13/2020

To mount a secret as a volume, you need to update the YAML construct for your pod/deployment manifest files and rebuild them.

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: nginx
      volumeMounts:
        - name: my-secret-volume
          mountPath: /etc/secretpath
  volumes:
    - name: my-secret-volume
      secret:
        secretName: my-secret

kustomize (or anything else) will not mount it for you.

-- DT.
Source: StackOverflow

2/14/2020

PodPreset (https://kubernetes.io/docs/tasks/inject-data-application/podpreset/) is one way to do this, but for this all pods in your namespace should match the label you specify in the PodPreset spec.

Another way (which is the most popular) is to use Dynamic Admission Control (https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) and write a mutating webhook in your cluster which will edit your pod spec and add all the secrets you want to mount. Using this you can also make other changes in your pod spec, like mounting volumes, adding labels, and many more.

-- anmol agrawal
Source: StackOverflow
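
The mutating-webhook approach from the answer above, as an added example (not code from the answer or from Kubernetes): it builds the JSONPatch a webhook would return to add the question's `secret-files` volume and a read-only `/secrets` mount to every container. The HTTPS server and the MutatingWebhookConfiguration (whose `namespaceSelector` would limit it to the one namespace) are assumed and not shown; the sample request is constructed.

```python
import base64
import json

# Volume name, Secret name and mount path come from the question; the
# function names and the sample request below are hypothetical.
VOLUME = {"name": "secret-files", "secret": {"secretName": "mySecrets"}}
MOUNT = {"name": "secret-files", "mountPath": "/secrets", "readOnly": True}


def build_patch(pod):
    """Return RFC 6902 JSONPatch ops adding the volume and a read-only mount."""
    spec = pod.get("spec", {})
    ops = []
    volumes = spec.get("volumes")
    if volumes is None:
        # An "add" to ".../-" fails when the array is missing, so create it.
        ops.append({"op": "add", "path": "/spec/volumes", "value": [VOLUME]})
    elif all(v.get("name") != VOLUME["name"] for v in volumes):
        ops.append({"op": "add", "path": "/spec/volumes/-", "value": VOLUME})
    for i, c in enumerate(spec.get("containers", [])):
        mounts = c.get("volumeMounts")
        base = f"/spec/containers/{i}/volumeMounts"
        if mounts is None:
            ops.append({"op": "add", "path": base, "value": [MOUNT]})
        elif all(m.get("name") != MOUNT["name"] for m in mounts):
            ops.append({"op": "add", "path": base + "/-", "value": MOUNT})
    return ops


def mutate(review):
    """Build the AdmissionReview response for one pod CREATE request."""
    req = review["request"]
    resp = {"uid": req["uid"], "allowed": True}
    ops = build_patch(req["object"])
    if ops:  # a pod that already has the volume and mounts needs no patch
        resp["patchType"] = "JSONPatch"
        resp["patch"] = base64.b64encode(json.dumps(ops).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": resp}


# Constructed sample request: one container, no volumes, no mounts.
SAMPLE = {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
          "request": {"uid": "constructed-uid-1", "namespace": "my-namespace",
                      "object": {"spec": {"containers": [
                          {"name": "app", "image": "nginx"}]}}}}

if __name__ == "__main__":
    print(json.dumps(mutate(SAMPLE), indent=2))
```

Because the patch is skipped for pods that already carry the volume, the webhook stays safe if the API server invokes it more than once for the same pod.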

2/14/2020

Inject Information into Pods Using a PodPreset

You can use a PodPreset object to inject information like secrets, volume mounts, environment variables, etc. into pods at creation time.

-- DT.
Source: StackOverflow