I'm using the following tech:
I created a secret:
╰ kubectl create secret generic my-secret --from-file=my-secret=/Users/superduper/project/src/main/resources/config-file.json --dry-run=client -o yaml
apiVersion: v1
data:
my-secret: <content>
kind: Secret
metadata:
creationTimestamp: null
name: my-secret
I then added the secret to my pod via a volume mount:
volumeMounts:
- mountPath: "/etc/config"
name: config
readOnly: true
volumes:
- name: config
secret:
secretName: my-secret
but the problem is that when i view the /etc/config diretory, the contents shows my-secret
under a timestamp directory:
directory:/etc/config/..2021_07_10_20_14_55.980073047
file:/etc/config/..2021_07_10_20_14_55.980073047/my-secret
is this normal? is there anyway i can get rid of that timestamp so I can programmatically grab the config secret?
This is the way Kubernetes mounts Secrets and ConfigMaps by default in order to propagate changes downward to those volume mounts if an upstream change occurs. If you would rather not use a symlink and want to forfeit that ability, use the subPath
directive and your mount will appear as you wish.
volumeMounts:
- mountPath: /etc/config/my-secret
name: config
subPath: my-secret
readOnly: true
volumes:
- name: config
secret:
secretName: my-secret
$ k exec alpine -it -- /bin/ash
/ # ls -lah /etc/config/
total 12K
drwxr-xr-x 2 root root 4.0K Jul 10 22:58 .
drwxr-xr-x 1 root root 4.0K Jul 10 22:58 ..
-rw-r--r-- 1 root root 9 Jul 10 22:58 my-secret
/ # cat /etc/config/my-secret
hi there