When creating projected volumes, consider the volume file path situations described in Understanding projected volumes.
The following example shows how to use a projected volume to mount an existing secret volume source. The steps can be used to create user name and password secrets from local files. You then create a pod that runs one container, using a projected volume to mount the secrets into the same shared directory.
Procedure
To use a projected volume to mount an existing secret volume source:
- Create files containing the secrets, entering the following, replacing the password and user information as appropriate:
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  pass: MWYyZDFlMmU2N2Rm
  user: YWRtaW4=
The user and pass values can be any valid string that is base64 encoded.
The examples used here are the base64-encoded values of user: admin and pass: 1f2d1e2e67df.
$ echo -n "admin" | base64
YWRtaW4=
$ echo -n "1f2d1e2e67df" | base64
MWYyZDFlMmU2N2Rm
- Use the following command to create the secrets:
$ oc create -f <secrets-filename>
For example:
$ oc create -f secret.yaml
secret "mysecret" created
- You can check that the secret was created using the following commands:
$ oc get secret <secret-name>
$ oc get secret <secret-name> -o yaml
For example:
$ oc get secret mysecret
NAME       TYPE      DATA      AGE
mysecret   Opaque    2         17h
$ oc get secret mysecret -o yaml
apiVersion: v1
data:
  pass: MWYyZDFlMmU2N2Rm
  user: YWRtaW4=
kind: Secret
metadata:
  creationTimestamp: 2017-05-30T20:21:38Z
  name: mysecret
  namespace: default
  resourceVersion: "2107"
  selfLink: /api/v1/namespaces/default/secrets/mysecret
  uid: 959e0424-4575-11e7-9f97-fa163e4bd54c
type: Opaque
- Create a pod configuration file similar to the following that includes a volumes section:
apiVersion: v1
kind: Pod
metadata:
  name: test-projected-volume
spec:
  containers:
  - name: test-projected-volume
    image: busybox
    args:
    - sleep
    - "86400"
    volumeMounts:
    - name: all-in-one
      mountPath: "/projected-volume"
      readOnly: true
  volumes:
  - name: all-in-one
    projected:
      sources:
      # The user and pass keys of the secret are projected as files.
      - secret: # (1)
          name: mysecret
(1) The name of the secret you created.
- Create the pod from the configuration file:
$ oc create -f <your_yaml_file>.yaml
For example:
$ oc create -f secret-pod.yaml
pod "test-projected-volume" created
- Verify that the pod container is running, and then watch for changes to the pod. The output should appear similar to the following:
$ oc get pod test-projected-volume
NAME                    READY     STATUS    RESTARTS   AGE
test-projected-volume   1/1       Running   0          14s
- In another terminal, use the oc exec command to open a shell to the running container:
$ oc exec -it <pod> <command>
For example:
$ oc exec -it test-projected-volume -- /bin/sh
- In your shell, verify that the projected-volume directory contains your projected sources:
/ # ls
bin               home              root              tmp
dev               proc              run               usr
etc               projected-volume  sys               var
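
The first step encodes the values with echo -n; when the values come from local files instead, a trailing newline or base64 line wrapping silently changes what is stored in the secret. The following added example (not part of the original documentation; the function names b64_value, secret_manifest and demo, and the temporary file layout, are assumptions) generates the same mysecret manifest from two files:

```shell
#!/bin/sh
# Added example: build the Secret manifest from step 1 out of local files.
# Function names and file layout are assumptions made for this illustration.

# b64_value FILE: base64 of FILE's text content with trailing newlines dropped.
# Command substitution strips the newline that editors and plain `echo` append;
# tr removes the line wrapping that base64 applies to long values.
b64_value() {
    printf '%s' "$(cat "$1")" | base64 | tr -d '\n'
}

# secret_manifest NAME USER_FILE PASS_FILE: print an Opaque Secret manifest.
secret_manifest() {
    for f in "$2" "$3"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  pass: $(b64_value "$3")
  user: $(b64_value "$2")
EOF
}

# Constructed sample input, using the same values as the procedure.
demo() {
    umask 077                       # keep the plaintext files private
    dir=$(mktemp -d) || return 1
    echo "admin" > "$dir/user"      # echo appends a newline on purpose here
    printf '1f2d1e2e67df' > "$dir/pass"
    secret_manifest mysecret "$dir/user" "$dir/pass"
    status=$?
    rm -rf "$dir"                   # do not leave plaintext secrets behind
    return $status
}

demo
```

Redirect the output to secret.yaml and pass it to oc create -f as in the procedure. Base64 is an encoding, not encryption, so the generated manifest needs the same protection as the plaintext files.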