How to copy kubernetes/openshift secrets into a volume for init container job?
Question
There is a init container which copies keystore.jks from nexus repo into a volume during the build of docker file via curl. Then once the init container is alive the python code that takes that keystore.jks and makes necessary updates then init container dies. What we are trying to do is to store this keystore.jks as a secret in openshift BUT how to copy secret into volume once init container is alive? so that python code can use it as it was before? Thanks in advance for any comments/help!
1 answers
solution1
1 2021-04-07 18:44:38
As @larsks suggests you can mount the secret to volume and use it for the main container.
here sharing YAML configuration that might help you understand.
apiVersion: v1
kind: Secret
metadata:
name: ssh-key
namespace: acme
data:
id_rsa: {{ secret_value_base64_encoded }}
now adding secret to mount path
spec:
template:
spec:
containers:
- image: "my-image:latest"
name: my-app
...
volumeMounts:
- mountPath: "/var/my-app"
name: ssh-key
readOnly: true
initContainers:
- command:
- sh
- -c
- chown -R 1000:1000 /var/my-app #if any changes required
image: busybox:1.29.2
name: set-dir-owner
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/my-app
name: ssh-key
volumes:
- name: ssh-key
secret:
secretName: ssh-key
as suggested better option is to directly mount the secret to the main container without init contianer.
spec:
template:
spec:
containers:
- image: "my-image:latest"
name: my-app
...
volumeMounts:
- mountPath: "/var/my-app"
name: ssh-key
readOnly: true
volumes:
- name: ssh-key
secret:
secretName: ssh-key
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.