kubernetes secret items not mounted as file path

3

6

I have the following yaml:

        volumeMounts:
        - name: app-secret
          mountPath: /app
          readOnly: true
      volumes:
      - name: app-secret
        secret:
          secretName: app-secret
          items:
          - key: app-secret.json
            path: appsettings.secret.json

I expect the secret is mounted on /app/appsettings.secret.json but it isn't. I don't know where it is mounted and the container crashes and I don't have a chance to kubectl exec into the container to inspect where the secret is mounted. My guess is that it wipes out the content of /app. Any advice and insight is appreciated.

Homogeneous answered 19/7, 2019 at 2:36 Comment(2)
The problem may be in your containers[] section. If not, then describe your pod using $ kubectl describe cmd. Botvinnik
Does your app also run from /app folder? Because I think the secret-mount will replace any contents of /app from your container image. Maybe try mounting as /config or similar. Mascon
H
15

This works:

        volumeMounts:
        - name: app-secret
          mountPath: /app/appsettings.secret.json
          subPath: appsettings.secret.json
          readOnly: true
      volumes:
      - name: app-secret
        secret:
          secretName: app-secret
          items:
          - key: app-secret.json
            path: appsettings.secret.json
Homogeneous answered 20/7, 2019 at 13:9 Comment(2)
Does this support adding multiple files? Eamon
If you created a singleton secret with kubectl create secret generic --from-file ./something.ext then the key under items will be something.ext. This works great! Jezabel
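
An added example, not part of the original posts: a small Python check that flags secret or configMap volumes mounted as a whole directory over a directory the application needs, which is the failure described in the question, and confirms that the `subPath` form from the answer above clears the finding. The container name, image, `workingDir` and the `app_dirs` parameter are assumptions made for illustration; pass `app_dirs` when the application directory is set in the image rather than in the pod spec.

```python
import copy
import posixpath

# Constructed sample: the question's fragment placed in a hypothetical pod spec.
# Container name, image and workingDir are assumptions, not from the page.
POD_SPEC = {
    "containers": [{
        "name": "app", "image": "example/app:1.0", "workingDir": "/app",
        "volumeMounts": [{"name": "app-secret", "mountPath": "/app", "readOnly": True}],
    }],
    "volumes": [{"name": "app-secret", "secret": {
        "secretName": "app-secret",
        "items": [{"key": "app-secret.json", "path": "appsettings.secret.json"}],
    }}],
}


def shadowing_mounts(pod_spec, app_dirs=()):
    """List (container, mountPath, volume) for each secret or configMap volume
    mounted as a whole directory over a directory the application needs."""
    projected = {v["name"] for v in pod_spec.get("volumes", [])
                 if "secret" in v or "configMap" in v}
    findings = []
    for c in pod_spec.get("containers", []):
        needed = {posixpath.normpath(d)
                  for d in (*app_dirs, c.get("workingDir")) if d}
        for m in c.get("volumeMounts", []):
            if m["name"] not in projected or m.get("subPath"):
                continue  # a subPath mount places one file; the directory survives
            mount = posixpath.normpath(m["mountPath"])
            prefix = mount.rstrip("/") + "/"
            # The mount hides d when it sits at d or at any ancestor of d.
            if any(d == mount or d.startswith(prefix) for d in needed):
                findings.append((c["name"], mount, m["name"]))
    return findings


def apply_subpath_fix(pod_spec):
    """Return a copy that uses the single-file subPath mount from the answer."""
    fixed = copy.deepcopy(pod_spec)
    mount = fixed["containers"][0]["volumeMounts"][0]
    mount["mountPath"] = "/app/appsettings.secret.json"
    mount["subPath"] = "appsettings.secret.json"
    return fixed


if __name__ == "__main__":
    print("before:", shadowing_mounts(POD_SPEC))
    print("after: ", shadowing_mounts(apply_subpath_fix(POD_SPEC)))
```

A secret mounted through `subPath` does not receive updates when the Secret object changes, so a rotated value only reaches the container after the pod restarts; mounting the whole volume on a separate directory keeps automatic updates.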
D
0

Is it possible for you to share the full yaml to see if it has other issues and because of that it crashes for you?

I've tried this in my environment and it just works fine, please see the attached image.

tested on my env - see the following figure:


Discovert answered 19/7, 2019 at 5:57 Comment(1)
Does it overwrite the content of /app folder? I guess this happens which causes my application to crash because /app is root of the application. Homogeneous
K
-1

Yes, your assumption is right. Mounting into the root folder will This is why we usually mount secrets under a different folder, like /senstivie. I never tried @KOk, but it looks interesting - I'll be interested to learn if it worked!

Anyway, if you want to see a real working example - this is the volume mount definition and this is the Dockerfile for an OSS project I built (Kamus, a solution for secrets encryption). It's similar to your use case - dotnet core, with appsettings.secrets.json. Please let me know if it didn't help.

Krueger answered 21/7, 2019 at 6:6 Comment(0)
