Tasks

Kubernetes v1.12 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see latest version.

Edit This Page

Configure a Pod to Use a Projected Volume for Storage

This page shows how to use a projected volume to mount several existing volume sources into the same directory. Currently, secret, configMap, downwardAPI, and serviceAccountToken volumes can be projected.

Note: serviceAccountToken is not a volume type.

Before you begin

You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube, or you can use one of these Kubernetes playgrounds:

To check the version, enter kubectl version.

Configure a projected volume for a pod

In this exercise, you create username and password Secrets from local files. You then create a Pod that runs one Container, using a projected Volume to mount the Secrets into the same shared directory.

Here is the configuration file for the Pod:

pods/storage/projected.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-projected-volume
spec:
  containers:
  - name: test-projected-volume
    image: busybox
    args:
    - sleep
    - "86400"
    volumeMounts:
    - name: all-in-one
      mountPath: "/projected-volume"
      readOnly: true
  volumes:
  - name: all-in-one
    projected:
      sources:
      - secret:
          name: user
      - secret:
          name: pass
  1. Create the Secrets:

    # Create files containing the username and password:
       echo -n "admin" > ./username.txt
       echo -n "1f2d1e2e67df" > ./password.txt
    
    # Package these files into secrets:
       kubectl create secret generic user --from-file=./username.txt
       kubectl create secret generic pass --from-file=./password.txt
  2. Create the Pod:

       kubectl create -f https://k8s.io/examples/pods/storage/projected.yaml
  3. Verify that the Pod’s Container is running, and then watch for changes to the Pod:

       kubectl get --watch pod test-projected-volume

    The output looks like this:

    NAME READY STATUS RESTARTS AGE test-projected-volume 1/1 Running 0 14s

  4. In another terminal, get a shell to the running Container:

       kubectl exec -it test-projected-volume -- /bin/sh
  5. In your shell, verify that the projected-volume directory contains your projected sources:

       ls /projected-volume/

What's next

Feedback