This approach makes secrets accessible as files. This file-based access can be helpful in some specific situations like “I don’t know honestly”. Let me know in the comments if you know 😅.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mycontainer
    image: myimage
    volumeMounts:
    - name: secret-volume
      mountPath: /etc/mysecrets
  volumes:
  - name: secret-volume
    secret:
      secretName: my-secret
```
The pod takes a secret named “my-secret” and mounts it to the /etc/mysecrets location.
A secret might have one or many variables.
Let's say it has two keys: DB_HOST and DB_PASSWORD.
What the volumeMount does is take every key of the secret and create one file per key: the file name is the key, and if you take a peek into the file, it holds the value of that key.
The mountPath is the directory where the files are going to be generated.
In our example, the /etc/mysecrets folder will have files named DB_HOST and DB_PASSWORD.
If you read the file DB_HOST – you will get the value associated with it.
The same can be done for ConfigMaps as well.
This can be helpful when you want a file-based approach. You can’t access the secret as an env in this approach; it's just files.
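One way an application running in mycontainer could read these files, as an added example that is not part of the original post. The function names, the sample values and the temporary directory standing in for /etc/mysecrets are assumptions; the loader skips the dot-prefixed entries (such as ..data) that Kubernetes keeps in the mount directory next to the key files.

```python
import os
import stat
import tempfile
from pathlib import Path


def load_mounted_secrets(mount_path):
    """Return {key: value} for every secret key projected under mount_path."""
    secrets = {}
    for entry in sorted(Path(mount_path).iterdir()):
        # The kubelet keeps its bookkeeping in dot-prefixed entries
        # (e.g. "..data"); the secret keys are the remaining names.
        if entry.name.startswith("."):
            continue
        # Key files are usually symlinks into "..data": follow them,
        # but only accept targets that are regular files.
        if not entry.is_file():
            continue
        mode = stat.S_IMODE(entry.stat().st_mode)
        if mode & stat.S_IWOTH:
            raise PermissionError(f"{entry} is world-writable")
        secrets[entry.name] = entry.read_text(encoding="utf-8")
    return secrets


def build_sample_mount(root):
    """Constructed stand-in for /etc/mysecrets, laid out like a secret volume."""
    data = Path(root) / "..2024_01_01_00_00_00.000000001"
    data.mkdir()
    sample = {"DB_HOST": "db.internal.example", "DB_PASSWORD": "s3cr3t-sample"}
    for key, value in sample.items():
        (data / key).write_text(value, encoding="utf-8")
        (data / key).chmod(0o644)
        os.symlink(Path("..data") / key, Path(root) / key)
    os.symlink(data.name, Path(root) / "..data")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        loaded = load_mounted_secrets(build_sample_mount(tmp))
        # Print key names only; values never go to stdout or logs.
        print(sorted(loaded))
```

In a real pod the call would be `load_mounted_secrets("/etc/mysecrets")`, and the values are returned exactly as stored, including any trailing newline the secret was created with.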