Kubernetes VolumeMount Path contains Timestamp

7/10/2021

I'm using the following tech:

  • helm
  • argocd
  • k8s

I created a secret:

╰ kubectl create secret generic my-secret --from-file=my-secret=/Users/superduper/project/src/main/resources/config-file.json --dry-run=client -o yaml
apiVersion: v1
data:
  my-secret: <content>
kind: Secret
metadata:
  creationTimestamp: null
  name: my-secret

I then added the secret to my pod via a volume mount:

volumeMounts:
  - mountPath: "/etc/config"
    name: config
    readOnly: true
volumes:
  - name: config
    secret:
    secretName: my-secret

but the problem is that when i view the /etc/config diretory, the contents shows my-secret under a timestamp directory:

directory:/etc/config/..2021_07_10_20_14_55.980073047
     file:/etc/config/..2021_07_10_20_14_55.980073047/my-secret

is this normal? is there anyway i can get rid of that timestamp so I can programmatically grab the config secret?

-- j will
argocd
continuous-integration
docker
kubernetes
kubernetes-helm

1 Answer

7/10/2021

This is the way Kubernetes mounts Secrets and ConfigMaps by default in order to propagate changes downward to those volume mounts if an upstream change occurs. If you would rather not use a symlink and want to forfeit that ability, use the subPath directive and your mount will appear as you wish.

 volumeMounts:
    - mountPath: /etc/config/my-secret
      name: config
      subPath: my-secret
      readOnly: true
  volumes:
    - name: config
      secret:
        secretName: my-secret
$ k exec alpine -it -- /bin/ash
/ # ls -lah /etc/config/
total 12K
drwxr-xr-x    2 root     root        4.0K Jul 10 22:58 .
drwxr-xr-x    1 root     root        4.0K Jul 10 22:58 ..
-rw-r--r--    1 root     root           9 Jul 10 22:58 my-secret
/ # cat /etc/config/my-secret
hi there
-- Chip Zoller
Source: StackOverflow