When creating projected volumes, consider the volume file path situations described in Understanding projected volumes.
The following example shows how to use a projected volume to mount an existing secret volume source. The steps can be used to create a user name and password secrets from local files. You then create a pod that runs one container, using a projected volume to mount the secrets into the same shared directory.
Procedure
To use a projected volume to mount an existing secret volume source.
-
Create files containing the secrets, entering the following, replacing the password and user information as appropriate:
apiVersion: v1
kind: Secret
metadata:
name: mysecret
type: Opaque
data:
pass: MWYyZDFlMmU2N2Rm
user: YWRtaW4=
The user
and pass
values can be any valid string that is base64 encoded.
The following example shows admin
in base64:
$ echo -n "admin" | base64
The following example shows the password 1f2d1e2e67df
in base64:.
$ echo -n "1f2d1e2e67df" | base64
-
Use the following command to create the secrets:
$ oc create -f <secrets-filename>
$ oc create -f secret.yaml
Example output
secret "mysecret" created
-
You can check that the secret was created using the following commands:
$ oc get secret <secret-name>
Example output
NAME TYPE DATA AGE
mysecret Opaque 2 17h
$ oc get secret <secret-name> -o yaml
$ oc get secret mysecret -o yaml
apiVersion: v1
data:
pass: MWYyZDFlMmU2N2Rm
user: YWRtaW4=
kind: Secret
metadata:
creationTimestamp: 2017-05-30T20:21:38Z
name: mysecret
namespace: default
resourceVersion: "2107"
selfLink: /api/v1/namespaces/default/secrets/mysecret
uid: 959e0424-4575-11e7-9f97-fa163e4bd54c
type: Opaque
-
Create a pod configuration file similar to the following that includes a volumes
section:
apiVersion: v1
kind: Pod
metadata:
name: test-projected-volume
spec:
containers