问题
I have the following yaml:
volumeMounts:
- name: app-secret
mountPath: /app
readOnly: true
volumes:
- name: app-secret
secret:
secretName: app-secret
items:
- key: app-secret.json
path: appsettings.secret.json
I expect the secret is mounted on /app/appsettings.secret.json
but it isn't. I don't know where it is mounted and the container crashes and I don't have a chance to kubectl exec
into the container to inspect where the secret is mounted. My guess is that it wipes out the content of /app
. Any advice and insight is appreciated.
回答1:
This works:
volumeMounts:
- name: app-secret
mountPath: /app/appsettings.secret.json
subPath: appsettings.secret.json
readOnly: true
volumes:
- name: app-secret
secret:
secretName: app-secret
items:
- key: app-secret.json
path: appsettings.secret.json
回答2:
Is it possible for you to share the full yaml to see if it has other issues and because of that it crashes for you?
I've tried this in my environment and it just works fine, please see the attached image.
tested on my env - see the following figure:
回答3:
Yes, you're asumption is right. Mounting into the root folder will This is why we usually mount secrets under different folder, like /senstivie
. I never tried @KOk , but it looks interesting - I'll be interesting to learn if it worked!
Anyway, if you want to see a real working example - this is the volume mount definition and this is the Dockerfile for an OSS project I built (Kamus, a solution for secrets encryption). It's similar to your use case - dotnet core, with appsettings.secrets.json. Please let me know if it didn't helped.
来源:https://stackoverflow.com/questions/57104822/kubernetes-secret-items-not-mounted-as-file-path