All Products
Search
Document Center

Mount a Secret volume to an elastic container instance

Last Updated: Nov 15, 2021

Typically, Kubernetes Secrets are used to store and manage sensitive data such as passwords and keys. Secrets store encrypted data in etcd for pods to access. You can mount a Secret as a volume to an elastic container instance in a pod. This way, you can access the data stored in the Secret. This topic describes how to mount a Secret volume to an elastic container instance.

Prerequisites

Your Kubernetes cluster is deployed with Virtual Kubelet.

Note

Alibaba Cloud Serverless Kubernetes (ASK) clusters are integrated with Virtual Kubelet. For other types of clusters, you must manually deploy Virtual Kubelet. For more information, see Connect an elastic container instance to a Kubernetes cluster.

Configuration example

You can mount a Secret volume to an elastic container instance in the same way that you mount a Secret volume to a Kubernetes cluster. Perform the following operations:

  1. Create a Secret.

    kubectl create secret generic demo --from-literal=raw=test-secret

    Run the following command to view the configuration information of the Secret:

    kubectl get secret demo -o yaml

    The following output is returned.

    apiVersion: v1
    data:
      raw: dGVzdC1zZWNyZXQ=
    kind: Secret
    metadata:
      creationTimestamp: "2020-01-20T13:14:22Z"
      name: demo
      namespace: default
      resourceVersion: "15357979"
      selfLink: /api/v1/namespaces/default/secrets/demo
      uid: c645990b-3b86-11ea-aa30-3e3af724****
    type: Opaque
  2. Prepare a YAML configuration file.

    vim test-secret.yaml

    The following code provides an example test-secret.yaml file.

    apiVersion: v1
    kind: Pod
    metadata:
      name: test-secret
      labels: 
        alibabacloud.com/eci: "true"   
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        volumeMounts:
        - name: secret-vol
          mountPath: "/cache-test"
          readOnly: true
      volumes:
      - name: secret-vol
        secret:
          secretName: demo
          items:
          - key: raw
            path: secrets/raw
  3. Deploy a pod.

    kubectl create -f test-secret.yaml
  4. View the mount result.

    Run the ls command to view the file directory in the pod. You can see the Secret volume is mounted to the elastic container instance.

    Mount a Secret volume to an elastic container instance