Prerequisites:
- The virtual-kubelet node is deployed in the target Kubernetes cluster. Note that a serverless Kubernetes cluster comes with the virtual-kubelet node built in.
Elastic Container Instance (ECI) provides native support for secrets. You can use a secret in an ECI in the same way as in native Kubernetes.
# kubectl create secret generic demo --from-literal=raw=test-secret
secret/demo created
# kubectl get secret demo -o yaml
apiVersion: v1
data:
  raw: dGVzdC1zZWNyZXQ=
kind: Secret
metadata:
  creationTimestamp: "2020-01-20T13:14:22Z"
  name: demo
  namespace: default
  resourceVersion: "15357979"
  selfLink: /api/v1/namespaces/default/secrets/demo
  uid: c645990b-3b86-11ea-aa30-3e3af7242710
type: Opaque
Save the following sample code in a YAML file named pod.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: test-secret
spec:
  nodeName: virtual-kubelet
  containers:
  - name: nginx
    image: nginx:latest
    volumeMounts:
    - name: secret-vol
      mountPath: "/cache-test"
      readOnly: true
  volumes:
  - name: secret-vol
    secret:
      secretName: demo
      items:
      - key: raw
        path: secrets/raw
Use the kubectl client to create an ECI based on the preceding configuration file.
# kubectl create -f pod.yaml
pod/test-secret created
# kubectl exec -it test-secret -- bash
root@test-secret:/# ls /cache-test/
secrets
root@test-secret:/# cat /cache-test/secrets/raw
test-secret
According to the command output, the secret is mounted to the ECI as a volume.
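The mapping shown above (secret key raw, projected through items to /cache-test/secrets/raw) can be checked offline before a pod is created. The following is an added example, not part of the original documentation: it takes the page's Secret and Pod as constructed JSON, decodes the base64 data field (which is an encoding, not encryption), and lists the files the container will see. The function name projected_files and the two findings it reports are assumptions made for illustration.

```python
import base64
import json
import posixpath

# Constructed inputs: the page's Secret and Pod, trimmed and expressed as JSON
# (the same objects `kubectl get ... -o json` would return).
SECRET = json.loads("""{"kind": "Secret", "metadata": {"name": "demo"},
  "type": "Opaque", "data": {"raw": "dGVzdC1zZWNyZXQ="}}""")
POD = json.loads("""{"kind": "Pod", "metadata": {"name": "test-secret"}, "spec": {
  "nodeName": "virtual-kubelet",
  "containers": [{"name": "nginx", "image": "nginx:latest", "volumeMounts": [
    {"name": "secret-vol", "mountPath": "/cache-test", "readOnly": true}]}],
  "volumes": [{"name": "secret-vol", "secret": {"secretName": "demo",
    "items": [{"key": "raw", "path": "secrets/raw"}]}}]}}""")


def projected_files(pod, secret):
    """Return ({container_path: plaintext}, [findings]) for volumes backed by `secret`."""
    files, findings = {}, []
    name = secret["metadata"]["name"]
    data = secret.get("data", {})
    volumes = {v["name"]: v["secret"] for v in pod["spec"].get("volumes", [])
               if v.get("secret", {}).get("secretName") == name}
    for ctr in pod["spec"]["containers"]:
        for mount in ctr.get("volumeMounts", []):
            src = volumes.get(mount["name"])
            if src is None:
                continue
            if not mount.get("readOnly", False):
                findings.append(f"{ctr['name']}: {mount['mountPath']} does not set readOnly: true")
            # Without `items`, every key is projected as a file named after the key.
            items = src.get("items") or [{"key": k, "path": k} for k in data]
            for item in items:
                if item["key"] not in data:
                    findings.append(f"{ctr['name']}: key '{item['key']}' not in secret '{name}'")
                    continue
                path = posixpath.join(mount["mountPath"], item["path"])
                # `data` values are base64-encoded, not encrypted.
                files[path] = base64.b64decode(data[item["key"]]).decode(errors="replace")
    return files, findings


if __name__ == "__main__":
    files, findings = projected_files(POD, SECRET)
    for path, value in files.items():
        print(f"{path} -> {value!r}")
    for finding in findings:
        print("finding:", finding)
```

Because anyone who can read the Secret object can decode it this way, access to secrets in the namespace should be restricted with RBAC.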