K
Q

Openshift 4 ConfigMap binary file is mounted as directory

12/3/2020

I have created ConfigMap from Openshift 4 Windows 10 CLI:

.\oc create configmap my-cacerts --from-file=cacerts

I can see ConfigMap with name my-cacerts and download binary file cacerts from it using web interface of Openshift 4

Now I mount it (part of my-deployment.yaml)

containers:
  volumeMounts:
    - name: my-cacerts-volume
      mountPath: /etc/my/cacerts
volumes:
  - name: my-cacerts-volume
    config-map: 
      name: my-cacerts

Unfortunately /etc/my/cacerts is mounted as a empty folder but not as a single binary file.

How can I mount cacerts as a file and not as a directory?

Update:

If I issue 

.\oc get configmap my-cacerts

There is following output:

apiVersion: v1
binaryData:
  cacerts: ... big long base64...
kind: ConfigMap
metadata: ...

If I issue

.\oc describe pod my-pod

I get 

Volumes:
  my-cacerts-volume:
    Type: EmptyDir (a temporary directory that shares a pod's lifetime)
-- tillias
configmap
kubernetes
openshift

Similar Questions

Deploying 2 Namespaces With 1 MongoDB Instance In Each
kubernetes Application downtime
Max size of Environment variables in kubernetes
enable virtual nodes in azure kubernates with terraform
Kubernetes Load Balancer Type not responding to External IP Address

2 Answers

12/7/2020

For Openshift 4 defaultMode should be specified:

      volumeMounts:
        - mountPath: /etc/my
          name: cacerts-ref
          readOnly: true
  volumes:
    - name: cacerts-ref
      configMap:
        defaultMode: 420
        name: cacerts

After that configMap contents are mapped correctly.

.\oc describe pod my-pod

Volumes:
  cacerts-ref:
    Type:      ConfigMap (a volume populated by a ConfigMap)
Name:      cacerts
Optional:  false
-- tillias
Source: StackOverflow
12/3/2020

Your volumes definition is incorrect, config-map does not exist and is invalid, but it seems the API is silently falling back to an EmptyDir here, thus leading to an empty directory.

When you create a ConfigMap using the oc command above, the result will be a ConfigMap that looks like this (note that there is one key called "cacerts"):

apiVersion: v1
kind: ConfigMap
metadata:
  name: my-cacerts
data:
  cacerts: |
    Hello world!

In the volumes section, then use configMap: together with subPath as follows to mount a only a single key ("cacerts") from your ConfigMap:

$ oc edit deployment my-deployment
[..]
    spec:
      containers:
      - image: registry.fedoraproject.org/fedora-minimal:33
        name: fedora-minimal
        volumeMounts:
        - mountPath: /etc/my/cacerts
          name: my-cacerts-volume
          subPath: cacerts
[..]
      volumes:
      - configMap:
          name: my-cacerts
          defaultMode: 420
        name: my-cacerts-volume

This then results in:

$ oc rsh ...
sh-5.0$ ls -l /etc/my/cacerts
-rw-r--r--. 1 root 1000590000 13 Dec  3 19:11 /etc/my/cacerts
sh-5.0$ cat /etc/my/cacerts
Hello world!

You can also leave subPath out and set /etc/my/ as the destination for the same result, as for each key there will be a file:

[..]
        volumeMounts:
        - mountPath: /etc/my/
          name: my-cacerts-volume
[..]
      volumes:
      - configMap:
          name: my-cacerts
        name: my-cacerts-volume

For the right syntax, you can also check the documentation

-- Simon
Source: StackOverflow