Mounting a k8s secret using kustomize

1/7/2021

I've been searching for a while, but I'm pretty new to kustomize. It's taken me a while to get my head around the concept of overlays etc.

I'm trying to use a kustomization file to mount an existing secret into the pod. I can't do it in the deployment because it's a single deployment with 3 different versions of the deployment being handled by kustomize. Each needs a different secret mounting.

So the obvious answer would be to mount the secret as a volume using either a kustomize file in the base or overlay.

I've found information on generating a secret with kustomize, but the secret already exists and is passed in as a Kubernetes secret elsewhere.

So to summarize...

base/
├─ kustomization.yaml
├─ statefulset.yaml
├─ service.yaml
├─ instance1/
│  ├─ kustomization.yaml
├─ instance2/
│  ├─ kustomization.yaml
├─ instance3/
│  ├─ kustomization.yaml

So I'm looking to handle the mounting of the secret to a volume in the instance locations, because the secret will be different for instance 1, 2 & 3.

Is this possible?

TIA

EDIT:

I've added a file for the secret (it's for certs hence being different for each instance).

base/
├─ kustomization.yaml
├─ statefulset.yaml
├─ service.yaml
├─ instance1/
│  ├─ kustomization.yaml
│  ├─ pki.yaml
├─ instance2/
│  ├─ kustomization.yaml
├─ instance3/
│  ├─ kustomization.yaml

My patch file (pki.yaml) looks like this:

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: de
spec:
  template:
    containers:
    - name: de
      volumeMounts:
        - mountPath: "/opt/de/pki"
          name: pki
          readOnly: true
      volumes:
        - name: pki
          secret:
            secretName: de_1_pki

Then in ./base/instance1/kustomization.yaml I have:

commonLabels:
  app: de-1
resources:
- ../base
nameSuffix: -1
images:
- newName: de-1
  name: de
patches:
  - pki.yaml

And for completeness my ./base/kustomization.yaml file:

kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
commonLabels:
  app: de
  affinity: directory
resources:
- service.yaml
- statefulset.yaml

I'm getting an error when deploying the above. So before I dig too deep, just wondering if I'm barking up the right tree?

-- jonnybinthemix
kubernetes
kustomize

1 Answer

1/8/2021

I managed to fix this with lots of tinkering.

I moved the base specifications for instances to overlays, and then added a patch that way.

Thanks

-- jonnybinthemix
Source: StackOverflow
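
One overlay layout that matches the fix described in the answer, shown as an added example and not the poster's own files. It assumes `base/` and `overlays/instance1/` are sibling directories, that the container in the base StatefulSet is named `de`, and that the existing Secret is called `de-1-pki` (a constructed name; Kubernetes object names cannot contain underscores).

```yaml
# Assumed layout (not from the original post):
#   base/{kustomization.yaml,statefulset.yaml,service.yaml}
#   overlays/instance1/{kustomization.yaml,pki.yaml}

# --- overlays/instance1/kustomization.yaml ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base            # path is relative to this overlay directory
nameSuffix: "-1"        # quoted so YAML reads a string, not the integer -1
commonLabels:
  app: de-1
images:
- name: de
  newName: de-1
patches:
- path: pki.yaml        # strategic merge patch, matched by kind + metadata.name
---
# --- overlays/instance1/pki.yaml ---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: de              # name as written in base, before nameSuffix is applied
spec:
  template:
    spec:               # pod spec: containers and volumes are siblings here
      containers:
      - name: de        # merge key; must equal the container name in base
        volumeMounts:
        - name: pki
          mountPath: /opt/de/pki
          readOnly: true
      volumes:
      - name: pki
        secret:
          # Constructed name of the pre-existing Secret. It is not listed in
          # resources, so nameSuffix does not rewrite this reference.
          secretName: de-1-pki
```

Rendering the overlay with `kubectl kustomize overlays/instance1` before applying shows whether the volume and its mount landed in the generated pod spec.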