This page shows how to use a
projected Volume to mount
several existing volume sources into the same directory. Currently,
serviceAccountToken volumes can be projected.
serviceAccountTokenis not a volume type.
You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube, or you can use one of these Kubernetes playgrounds:
To check the version, enter
In this exercise, you create username and password SecretsStores sensitive information, such as passwords, OAuth tokens, and ssh keys. from local files. You then create a Pod that runs one container, using a
projected Volume to mount the Secrets into the same shared directory.
Here is the configuration file for the Pod:
Create the Secrets:
# Create files containing the username and password: echo -n "admin" > ./username.txt echo -n "1f2d1e2e67df" > ./password.txt # Package these files into secrets: kubectl create secret generic user --from-file=./username.txt kubectl create secret generic pass --from-file=./password.txt
Create the Pod:
kubectl apply -f https://k8s.io/examples/pods/storage/projected.yaml
Verify that the Pod’s container is running, and then watch for changes to the Pod:
kubectl get --watch pod test-projected-volume
The output looks like this:
NAME READY STATUS RESTARTS AGE test-projected-volume 1/1 Running 0 14s
In another terminal, get a shell to the running container:
kubectl exec -it test-projected-volume -- /bin/sh
In your shell, verify that the
projected-volume directory contains your projected sources:
Delete the Pod and the Secrets:
kubectl delete pod test-projected-volume kubectl delete secret user pass
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.