A Practical Guide to Kubernetes/

...

/

Mounting Generic Secrets

Mounting Generic Secrets

Learn to mount generic Secrets to secure the deployed Jenkins.

We'll cover the following...

Looking into the definition

Let’s see how we can mount the Secret we created. For this, let’s see an updated definition of jenkins.yml. The definition (limited to the relevant parts) is as follows:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
spec:
  ...
  template:
    ...
    spec:
      containers:
      - name: jenkins
        image: vfarcic/jenkins
        env:
        - name: JENKINS_OPTS
          value: --prefix=/jenkins
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        - name: jenkins-creds
          mountPath: /etc/secrets
      volumes:
      - name: jenkins-home
        emptyDir: {}
      - name: jenkins-creds
        secret:
          secretName: my-creds
          defaultMode: 0444
          items:
          - key: username
            path: jenkins-user
          - key: password
            path: jenkins-pass
...

  • Lines 19–20: We add jenkins-creds which mounts the /etc/secrets directory.

  • Lines 24–26: The jenkins-creds volume references the Secret named my-creds. ...