I've created a secret and when I deploy an application intended to read the secret, the application complains that the secret is a directory.
What am I doing wrong? The file is intended to be read as, well, a file.
kc logs <pod>
(error) /var/config/my-file.yaml: is a directory.
The secret is created like this.
kubectl create secret generic my-file.yaml --from-file=my-file.yaml
And here is the deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
name: a-name
spec:
replicas: 1
selector:
matchLabels:
name: a-name
template:
metadata:
labels:
name: a-name
spec:
volumes:
- name: my-secret-volume
secret:
secretName: my-file.yaml
containers:
- name: a-name
image: test/image:v1.0.0
volumeMounts:
- name: my-secret-volume
mountPath: /var/config/my-file.yaml
subPath: my-file.yaml
readOnly: true
ports:
- containerPort: 1234
- containerPort: 5678
imagePullPolicy: Always
args:
- run
- --config
- /var/config/my-file.yaml
revisionHistoryLimit: 1
You are using subPath in the volume mount section. According to Kubernetes volume doc, when you need same volume for different purpose in the same pod then you should use subPath.
But here you are using the volume for only single use. But I'll give you both yaml file with subPath and without subPath.
With SubPath
volumeMounts:
- name: my-secret-volume
mountPath: /var/config
subPath: config
readOnly: true
WithOut SubPath
volumeMounts:
- name: my-secret-volume
mountPath: /var/config
readOnly: true
Rest of the manifest file will be same in both cases.