How do I mount a single file from a secret in Kubernetes?

Chris Stryczynski picture Chris Stryczynski · Nov 14, 2018 · Viewed 13k times · Source

How can I mount a 'single' file from a secret?

I've created a secret with:

kubectl create secret generic oauth \
        --from-file=./.work-in-progress/oauth_private.key \
        --from-file=./.work-in-progress/oauth_public.key \

How can I mount the oauth_private.key file as a single file, rather than overriding the entire path with a directory that ONLY contains the two files (and potentially removing files that existed on the container initially)?

Answer

Emruz Hossain picture Emruz Hossain · Nov 14, 2018

You can do as bellow:

apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: my-group/my-username

Suppose mysecret contains username and password. Above yaml will mount only username in /etc/foo/my-group/my-username directory.

For more details check this: Using Secrets as Files from a Pod