
Mounting Generic Secrets

Explore the process of mounting generic Kubernetes Secrets into containerized applications to securely provide sensitive data. Understand setting appropriate file permissions, customizing secret file names, verifying secret injection, and confirming enhanced security for your deployments.

Looking into the definition

Let’s see how we can mount the Secret we created. To do that, we'll look at an updated definition of jenkins.yml. The definition (limited to the relevant parts) is as follows:

YAML
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jenkins
spec:
  ...
  template:
    ...
    spec:
      containers:
      - name: jenkins
        image: vfarcic/jenkins
        env:
        - name: JENKINS_OPTS
          value: --prefix=/jenkins
        volumeMounts:
        - name: jenkins-home
          mountPath: /var/jenkins_home
        - name: jenkins-creds
          mountPath: /etc/secrets
      volumes:
      - name: jenkins-home
        emptyDir: {}
      - name: jenkins-creds
        secret:
          secretName: my-creds
          defaultMode: 0444
          items:
          - key: username
            path: jenkins-user
          - key: password
            path: jenkins-pass
...
  • Lines 19–20: We add a volume mount named jenkins-creds, which mounts the volume at the /etc/secrets directory.

  • Lines 24–26: The jenkins-creds volume references the Secret named my-creds. ...
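
One way to confirm from inside the container that the Secret volume matches the definition above. This is an added example, not part of the original page; the function names file_mode and check_secret_mount are hypothetical, and it assumes the image provides a POSIX shell and stat:

```shell
#!/bin/sh
# Added example: check that a mounted Secret volume contains exactly the
# files named under `items`, each with the mode set by `defaultMode`.

# file_mode PATH -> octal permission bits of the file PATH resolves to.
# -L matters: the kubelet exposes each key as a symlink (through ..data),
# and the symlink itself reports 777 regardless of defaultMode.
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"  # GNU, then BSD
}

# check_secret_mount DIR MODE FILE...
# Returns 0 only if every FILE exists in DIR, is non-empty, has exactly
# MODE, and DIR holds no other visible entries.
check_secret_mount() {
    dir=$1; want=$2; shift 2
    rc=0
    for name in "$@"; do
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING    $path"; rc=1; continue
        fi
        if [ ! -s "$path" ]; then
            echo "EMPTY      $path"; rc=1
        fi
        got=$(file_mode "$path")
        if [ "$got" != "$want" ]; then
            echo "MODE       $path is $got, expected $want"; rc=1
        fi
    done
    # When `items` is set, only the listed keys are projected, so any other
    # visible file is a surprise. The glob skips the kubelet's ..data entries.
    for path in "$dir"/*; do
        [ -e "$path" ] || continue
        base=${path##*/}
        case " $* " in
            *" $base "*) ;;
            *) echo "UNEXPECTED $path"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage inside the pod, with the values from the definition above:
#   check_secret_mount /etc/secrets 444 jenkins-user jenkins-pass
```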