
I’m a beginner in Kubernetes. What I would like to achieve is:

  • Pass user’s ssh private/public key to the Pod and then to the Docker container (there’s a shell script that will be using this key)

So I would like to know if it’s possible to do that in kubectl apply?

My pod.yaml looks like this:

    apiVersion: v1
    kind: Pod
    metadata:
      generateName: testing
      labels:
        type: testing
      namespace: ns-test
      name: testing-config
    spec:
      restartPolicy: OnFailure
      hostNetwork: true
      containers:
        - name: mycontainer
          image: ".../mycontainer:latest"

2 Answers


  1. First, you create a secret with your keys:

    kubectl create secret generic mysecret-keys --from-file=privatekey=</path/to/the/key/file/on/your/host> --from-file=publickey=</path/to/the/key/file/on/your/host>

    Then you refer to the key files using the secret in your pod:

    apiVersion: v1
    kind: Pod
    metadata:
      ...
    spec:
      ...
      containers:
      - name: mycontainer
        image: ".../mycontainer:latest"
        volumeMounts:
        - name: mysecret-keys
          mountPath: /path/in/the/container  # <-- privatekey & publickey will be mounted as files in this directory, where your shell script can access them
      volumes:
      - name: mysecret-keys
        secret:
          secretName: mysecret-keys  # <-- mount the secret resource you created above
    

    You can check the secret with kubectl get secret mysecret-keys --output yaml. You can check the pod and its mounting with kubectl describe pod testing-config.

  2. You have to store the private/public key in a Kubernetes Secret object:

    apiVersion: v1
    kind: Secret
    metadata:
      name: mysshkey
      namespace: ns-test
    data:
      id_rsa: {{ value }}      # base64-encoded private key
      id_rsa.pub: {{ value }}  # base64-encoded public key
    

    And now you can mount this secret file in your container:

          containers:
          - image: "my-image:latest"
            name: my-app
            ...
            volumeMounts:
              - mountPath: "/var/my-app"
                name: ssh-key
                readOnly: true
          volumes:
            - name: ssh-key
              secret:
                secretName: mysshkey
    

    The Kubernetes documentation also provides a chapter on Using Secrets as files from a Pod.

    It’s not tested, but I hope it works.

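A combined manifest for the approach both answers describe, added here as an example and not taken from either answer. It reuses the names `mysshkey`, `ns-test`, `testing-config` and `/var/my-app` from the page, trims the Pod to the fields relevant to the mount, and sets the file mode explicitly, since Secret volumes default to 0644 and OpenSSH refuses a private key that group or others can read. It assumes the container process runs as root, the default owner of the mounted files; the key contents are placeholders.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysshkey
  namespace: ns-test
type: Opaque
# stringData accepts plain text; the API server stores it base64-encoded under data.
# Use data instead only if the values are already base64-encoded.
# The two values below are placeholders, not real keys.
stringData:
  id_rsa: |
    <contents of the private key file>
  id_rsa.pub: |
    <contents of the public key file>
---
apiVersion: v1
kind: Pod
metadata:
  name: testing-config
  namespace: ns-test        # must match the Secret's namespace
spec:
  restartPolicy: OnFailure
  containers:
    - name: mycontainer
      image: ".../mycontainer:latest"   # elided in the question, left as-is
      volumeMounts:
        - name: ssh-key
          mountPath: /var/my-app
          readOnly: true
  volumes:
    - name: ssh-key
      secret:
        secretName: mysshkey
        # Owner read-only. With the 0644 default, ssh run by the file's owner
        # rejects the key as an unprotected private key file.
        defaultMode: 0400
        # Project only the keys the script needs, under fixed file names.
        items:
          - key: id_rsa
            path: id_rsa
          - key: id_rsa.pub
            path: id_rsa.pub
```

Inside the container, `ls -lL /var/my-app` should then show both files as `-r--------`.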