OpenShift mount files to pods

by | Dec 15, 2019 | Big Data

OpenShift offers several ways to embed files in pods, and there are many reasons to do so. Embedding configuration files is a powerful mechanism: it populates otherwise immutable containers with dynamic content. In brief, ConfigMaps or Secrets hold such files, and the runtime injects them into the container during container startup.

ConfigMaps to mount files into pods

The example ConfigMap contains a single file named kirk.pem. Here it is an SSL certificate, encoded as multiline text in YAML format. The character sequence “|-” introduces multiline content; the indented lines that follow define the file content. This example holds a single file, but a ConfigMap may contain a set of files.

ConfigMap Example

kind: ConfigMap
apiVersion: v1
metadata:
  name: es-certs-secret
  namespace: ${NAMESPACE}
data:
  kirk.pem: |-
    -----BEGIN CERTIFICATE-----
    MIIEdzCCA1+gAwIBAgIGAWLrc1O4MA0GCSqGSIb3DQEBCwUAMIGPMRMwEQYKCZIm
    iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ
    RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290
    IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwHhcNMTgwNDIy
    MDM0MzQ3WhcNMjgwNDE5MDM0MzQ3WjBNMQswCQYDVQQGEwJkZTENMAsGA1UEBwwE
    dGVzdDEPMA0GA1UECgwGY2xpZW50MQ8wDQYDVQQLDAZjbGllbnQxDTALBgNVBAMM
    BGtpcmswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCwgBOoO88uMM8
    dREJsk58Yt4Jn0zwQ2wUThbvy3ICDiEWhiAhUbg6dTggpS5vWWJto9bvaaqgMVoh
    ElfYHdTDncX3UQNBEP8tqzHON6BFEFSGgJRGLd6f5dri6rK32nCotYS61CFXBFxf
    WumXjSukjyrcTsdkR3C5QDo2oN7F883MOQqRENPzAtZi9s3jNX48u+/e3yvJzXsB
    GS9Qmsye6C71enbIujM4CVwDT/7a5jHuaUp6OuNCFbdRPnu/wLYwOS2/yOtzAqk7
    /PFnPCe7YOa10ShnV/jx2sAHhp7ZQBJgFkkgnIERz9Ws74Au+EbptWnsWuB+LqRL
    x5G02IzpAgMBAAGjggEYMIIBFDCBvAYDVR0jBIG0MIGxgBSSNQzgDx4rRfZNOfN7
    X6LmEpdAc6GBlaSBkjCBjzETMBEGCgmSJomT8ixkARkWA2NvbTEXMBUGCgmSJomT
    8ixkARkWB2V4YW1wbGUxGTAXBgNVBAoMEEV4YW1wbGUgQ29tIEluYy4xITAfBgNV
    BAsMGEV4YW1wbGUgQ29tIEluYy4gUm9vdCBDQTEhMB8GA1UEAwwYRXhhbXBsZSBD
    b20gSW5jLiBSb290IENBggEBMB0GA1UdDgQWBBRsdhuHn3MGDvZxOe22+1wliCJB
    mDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggr
    BgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAkPrUTKKn+/6g0CjhTPBFeX8mKXhG
    zw5z9Oq+xnwefZwxV82E/tgFsPcwXcJIBg0f43BaVSygPiV7bXqWhxASwn73i24z
    lveIR4+z56bKIhP6c3twb8WWR9yDcLu2Iroin7dYEm3dfVUrhz/A90WHr6ddwmLL
    3gcFF2kBu3S3xqM5OmN/tqRXFmo+EvwrdJRiTh4Fsf0tX1ZT07rrGvBFYktK7Kma
    lqDl4UDCF1UWkiiFubc0Xw+DR6vNAa99E0oaphzvCmITU1wITNnYZTKzVzQ7vUCq
    kLmXOFLTcxTQpptxSo5xDD3aTpzWGCvjExCKpXQtsITUOYtZc02AGjjPOQ==
    -----END CERTIFICATE-----

Mounting files from a ConfigMap is pretty simple. The volumes section defines a volume and references the ConfigMap by name. The volumeMounts section of the container in turn references that volume. The simple use case is to mount all files from the ConfigMap into a given mountPath. The example shows a more advanced use case that mounts single files into the file system by means of subPath. This allows mounting files beside existing files.

kind: StatefulSet
apiVersion: apps/v1
metadata:
  # ...
spec:
  template:
    spec:
      containers:
        - name: elasticsearch
          image: "amazon/opendistro-for-elasticsearch"
          # ...
          volumeMounts:
            # each entry mounts one file of the volume beside the files already in config/
            - name: es-certs-volume
              mountPath: /usr/share/elasticsearch/config/kirk.pem
              subPath: kirk.pem
            # kirk-key.pem must also be an entry of the ConfigMap (not shown above)
            - name: es-certs-volume
              mountPath: /usr/share/elasticsearch/config/kirk-key.pem
              subPath: kirk-key.pem
      # ...
      volumes:
        # the volume is backed by the ConfigMap defined above
        - name: es-certs-volume
          configMap:
            name: es-certs-secret

The simplest use case mounts the whole ConfigMap at a mount point. It mounts all file entries at the specified mount path and overrides the existing contents. In effect, the existing folder is replaced by an empty one, so any file that existed there is no longer visible in the container. The new contents are then mounted into that empty folder.

The above example is more advanced and combines existing files with files from the ConfigMap.
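Added example, not part of the original post: the StatefulSet above also mounts kirk-key.pem, a private key, which is better kept in a Secret than in a ConfigMap so that access to it can be restricted separately and the mounted file is not world-readable. The names es-key-secret, es-key-volume, elasticsearch and the app label are assumptions, and the key content is a placeholder.

```yaml
# Added example; es-key-secret, es-key-volume and the app label are assumed names.
kind: Secret
apiVersion: v1
metadata:
  name: es-key-secret
  namespace: ${NAMESPACE}
type: Opaque
stringData:
  kirk-key.pem: |-
    <PLACEHOLDER: PEM-encoded private key, supplied at deploy time>
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: elasticsearch               # assumed name
spec:
  serviceName: elasticsearch        # assumed headless service
  selector:
    matchLabels:
      app: elasticsearch
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      containers:
        - name: elasticsearch
          image: "amazon/opendistro-for-elasticsearch"
          volumeMounts:
            - name: es-certs-volume   # public certificate from the ConfigMap
              mountPath: /usr/share/elasticsearch/config/kirk.pem
              subPath: kirk.pem
              readOnly: true
            - name: es-key-volume     # private key from the Secret
              mountPath: /usr/share/elasticsearch/config/kirk-key.pem
              subPath: kirk-key.pem
              readOnly: true
      volumes:
        - name: es-certs-volume
          configMap:
            name: es-certs-secret     # holds only kirk.pem
        - name: es-key-volume
          secret:
            secretName: es-key-secret
            defaultMode: 0440         # the default, 0644, is world-readable
            items:                    # project only the key that is needed
              - key: kirk-key.pem
                path: kirk-key.pem
```

Files mounted through subPath are not refreshed when the ConfigMap or Secret changes, so a rotated certificate or key only takes effect after the pod is restarted.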
