How to set default mode for secrets?

4/16/2020

When secrets are created, they are 0755 owned by root:

/ # ls -al /var/run/secrets/
total 0
drwxr-xr-x    4 root     root            52 Apr 16 21:56 .
drwxr-xr-x    1 root     root            21 Apr 16 21:56 ..
drwxr-xr-x    3 root     root            28 Apr 16 21:56 eks.amazonaws.com
drwxr-xr-x    3 root     root            28 Apr 16 21:56 kubernetes.io

I want them to be 0700 instead. I know that for regular secret volumes I can use

            - name: vol-sec-smtp
              secret:
                defaultMode: 0600
                secretName: smtp

and it will mount (at least the secret files themselves) as 0600. Can I achieve the same with the secrets located at /var/run/secrets directly from the yaml file?

-- graywolf
kubernetes

1 Answer

4/16/2020

You can disable the default service account token mount and then mount it yourself as you showed.

-- coderanger
Source: StackOverflow
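
The approach from the answer, written out as a Pod manifest. This is an added example, not part of the original question or answer. The pod, container and volume names and the image are placeholders, and it assumes a cluster that supports projected service account tokens and publishes the `kube-root-ca.crt` ConfigMap in each namespace (Kubernetes 1.20 or later).

```yaml
# Added example: all names and the image below are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: token-demo
spec:
  serviceAccountName: default
  # Stop the automatic token volume from being added at
  # /var/run/secrets/kubernetes.io/serviceaccount.
  automountServiceAccountToken: false
  containers:
    - name: app
      image: busybox:1.36
      command: ["sleep", "3600"]
      volumeMounts:
        # Mount our own volume at the path client libraries expect.
        - name: sa-token
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          readOnly: true
  volumes:
    - name: sa-token
      projected:
        # Octal in YAML; applies to the files written into the volume.
        defaultMode: 0600
        sources:
          # Short-lived token for the pod's service account.
          - serviceAccountToken:
              path: token
              expirationSeconds: 3600
          # Cluster CA bundle used to verify the API server.
          - configMap:
              name: kube-root-ca.crt
              items:
                - key: ca.crt
                  path: ca.crt
          # Namespace file, as the automatic mount provides.
          - downwardAPI:
              items:
                - path: namespace
                  fieldRef:
                    fieldPath: metadata.namespace
```

`defaultMode` controls the mode of the files in the volume, so check the result with `ls -al` inside the container. The `eks.amazonaws.com` directory shown in the question is not covered by this manifest.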