Openshift mount files to pods

by | Dec 15, 2019 | Big Data

Openshift offers many possibilities to embed files in pods. Furthermore, there are many reasons to include files in pods. So, embedding configuration files is a powerful mechanism. In this way, unchangeable containers become populated with dynamic content. In brief, ConfigMaps or Secrets contain such files. During container startup the run time injects them into the container.

ConfigMaps to mount file into pods

The example ConfigMap contains a single file named kirk.pem. Here, it is an SSL certificate and encoded as multiline text in YAML format. A char sequence “|-” introduces multiline contents. Afterwards, following and indented lines define file content. As a result, we see a single file. But the map may contain a set of files.

ConfigMap Example

kind: ConfigMap
apiVersion: v1
metadata:
name: es-certs-secret
namespace: ${NAMESPACE}
data:
kirk.pem: |-
-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgIGAWLrc1O4MA0GCSqGSIb3DQEBCwUAMIGPMRMwEQYKCZIm
iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ
RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290
IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwHhcNMTgwNDIy
MDM0MzQ3WhcNMjgwNDE5MDM0MzQ3WjBNMQswCQYDVQQGEwJkZTENMAsGA1UEBwwE
dGVzdDEPMA0GA1UECgwGY2xpZW50MQ8wDQYDVQQLDAZjbGllbnQxDTALBgNVBAMM
BGtpcmswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCwgBOoO88uMM8
dREJsk58Yt4Jn0zwQ2wUThbvy3ICDiEWhiAhUbg6dTggpS5vWWJto9bvaaqgMVoh
ElfYHdTDncX3UQNBEP8tqzHON6BFEFSGgJRGLd6f5dri6rK32nCotYS61CFXBFxf
WumXjSukjyrcTsdkR3C5QDo2oN7F883MOQqRENPzAtZi9s3jNX48u+/e3yvJzXsB
GS9Qmsye6C71enbIujM4CVwDT/7a5jHuaUp6OuNCFbdRPnu/wLYwOS2/yOtzAqk7
/PFnPCe7YOa10ShnV/jx2sAHhp7ZQBJgFkkgnIERz9Ws74Au+EbptWnsWuB+LqRL
x5G02IzpAgMBAAGjggEYMIIBFDCBvAYDVR0jBIG0MIGxgBSSNQzgDx4rRfZNOfN7
X6LmEpdAc6GBlaSBkjCBjzETMBEGCgmSJomT8ixkARkWA2NvbTEXMBUGCgmSJomT
8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1wbGUgQ29tIEluYy4xITAfBgNV
BAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEhMB8GA1UEAwwYRXhhbXBsZSBD
b20gSW5jLiBSb290IENBggEBMB0GA1UdDgQWBBRsdhuHn3MGDvZxOe22+1wliCJB
mDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggr
BgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAkPrUTKKn+/6g0CjhTPBFeX8mKXhG
zw5z9Oq+xnwefZwxV82E/tgFsPcwXcJIBg0f43BaVSygPiV7bXqWhxASwn73i24z
lveIR4+z56bKIhP6c3twb8WWR9yDcLu2Iroin7dYEm3dfVUrhz/A90WHr6ddwmLL
3gcFF2kBu3S3xqM5OmN/tqRXFmo+EvwrdJRiTh4Fsf0tX1ZT07rrGvBFYktK7Kma
lqDl4UDCF1UWkiiFubc0Xw+DR6vNAa99E0oaphzvCmITU1wITNnYZTKzVzQ7vUCq
kLmXOFLTcxTQpptxSo5xDD3aTpzWGCvjExCKpXQtsITUOYtZc02AGjjPOQ==
-----END CERTIFICATE-----

Mounting files from ConfigMap is pretty simple. Line 19 defines a volume and references ConfigMap at line 21. Furthermore, section at line 11 volumeMounts references the volume. In consequence, a simple use case is to mount all files from config map into given mountPath. The example shows a more advanced use case which mounts single files into file system. This way allows mounting files beside existing files.

kind: StatefulSet
apiVersion: apps/v1
metadata:
...
spec:
spec:
containers:
- name: elasticsearch
image: "amazon/opendistro-for-elasticsearch"
...
volumeMounts:
- name: es-certs-volume
mountPath: /usr/share/elasticsearch/config/kirk.pem
subPath: kirk.pem
- name: es-certs-volume
mountPath: /usr/share/elasticsearch/config/kirk-key.pem
subPath: kirk-key.pem
...
volumes:
- name: es-certs-volume
configMap:
name: es-certs-secret

The most simple use case mounts the ConfigMap to a mount point. In consequence, it mounts all file entries to specified mount path and overrides existing contents. That means to replace an existing folder by on empty one. In consequence, it removes any existing file. After that, the empty folder mounts new contents.

The above example is more advanced and combines existing files with files from ConfigMap.

References: