无法将卷装入 kube.netes 中的 pod

Question

I have a pod, which is querying an AWS service using Boto. This pod runs in kube.netes cluster in EKS.

When running on a real cluster, we use ServiceAccount/Role/RoleBinding to give the Pod permission to acquire an IAM role.

But when I run it locally, using kind , I want it to use credentials that are in my ~/.aws directory.

So I mount the volumes as follows:

    volumes:
    - hostPath:
        path: /var/run/datadog
        type: ""
      name: dsdsocket
    - hostPath:
        path: /Users/me/.aws
        type: DirectoryOrCreate
      name: aws

And use them in the pod as follows:

      volumeMounts:
      - mountPath: /var/run/datadog
        name: dsdsocket
        readOnly: true
      - mountPath: /root/.aws
        name: aws
        readOnly: true

I have checked that there are credentials in ~/.aws/credentials

But the directory just shows up as empty inside the pod:

root@the_pod:/app# ls -al /root/.aws
total 8
drwxr-xr-x 2 root root 4096 Apr 12 19:33 .
drwx------ 1 root root 4096 May  9 17:22 ..

NOTE: I have tried mounting the actual credentials file in ~/.aws/credentials too, but it doesnt mount either.

Any ideas what i am doing wrong?

Answer 1

I guess you need to use extra mounts while creating the kind cluster, it is used to pass through storage on the host to a kind node for persisting data, mounting through code, etc.

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  # add a mount from /path/to/my/files on the host to /files on the node
  extraMounts:
  - hostPath: /path/to/my/files/
    containerPath: /files
    # optional: if set, the mount is read-only.
    # default false
    readOnly: true
    propagation: HostToContainer

Creating a kind cluster with a custom config file:

$ kind create cluster --config=kind-config.yaml