Podman kube play support for "secret.items" like configMaps #17829

Closed
rahman-duran opened this issue Mar 17, 2023 · 2 comments · Fixed by #17995
Labels
kind/feature Categorizes issue or PR as related to a new feature. kube locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@rahman-duran
Feature request description

With Kubernetes secrets, we can mount only specific keys in secrets, just like we can do with Kubernetes ConfigMaps. Here is a doc from "https://unofficial-kubernetes.readthedocs.io/en/latest/concepts/configuration/secret/":

"If spec.volumes[].secret.items is used, only keys specified in items are projected. To consume all keys from the secret, all of them must be listed in the items field. All listed keys must exist in the corresponding secret. Otherwise, the volume is not created."

But this is not working even in Podman 4.4.1. Podman mounts all of the secret's keys as files, even when we define only one "item":

```yaml
volumeMounts:
- mountPath: /private/secrets/
  name: dataprotection-cert
  readOnly: true
# ........

volumes:
- name: dataprotection-cert
  secret:
    secretName: test_secrets
    items:
    - key: dp_cert
      path: dataprotection-cert.pem
```

With this YAML, Podman should only mount a single file, "/private/secrets/dataprotection-cert.pem", but it does not regard the "items" section and it mounts all keys in "test_secrets" into "/private/secrets".

When I look at the code in "volume.go", the "VolumeFromConfigMap()" function has a section that processes the "items", but the "VolumeFromSecret()" function does not check "items", as far as I can see.

Suggest potential solution

Support secret.items just like configMap.items

Have you considered any alternatives?

no

Additional context

No response
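
The projection rule quoted in the issue above, written out as an added Go example (not Podman's code and not part of the original issue). `KeyToPath`, `validPath` and `ProjectSecret` are hypothetical names and the sample secret is constructed; the example also applies the Kubernetes restriction that an item path must be relative and contain no `..` element.

```go
package main

import (
	"fmt"
	"strings"
)

// KeyToPath mirrors one entry of spec.volumes[].secret.items (local type for this example).
type KeyToPath struct {
	Key, Path string
}

// validPath applies the Kubernetes rule for items[].path: relative, no ".." element.
func validPath(p string) bool {
	for _, el := range strings.Split(p, "/") {
		if el == ".." {
			return false
		}
	}
	return p != "" && !strings.HasPrefix(p, "/")
}

// ProjectSecret returns the files (relative path -> content) the volume should hold.
// No items: every key is a file. With items: only listed keys; a missing key is an error.
func ProjectSecret(data map[string][]byte, items []KeyToPath) (map[string][]byte, error) {
	files := make(map[string][]byte)
	if len(items) == 0 {
		for k, v := range data {
			files[k] = v
		}
		return files, nil
	}
	for _, it := range items {
		v, ok := data[it.Key]
		if !ok {
			return nil, fmt.Errorf("key %q not found in secret", it.Key)
		}
		if !validPath(it.Path) {
			return nil, fmt.Errorf("invalid path %q for key %q", it.Path, it.Key)
		}
		files[it.Path] = v
	}
	return files, nil
}

func main() {
	secret := map[string][]byte{"dp_cert": []byte("CERT"), "dp_key": []byte("KEY")} // constructed sample
	files, err := ProjectSecret(secret, []KeyToPath{{Key: "dp_cert", Path: "dataprotection-cert.pem"}})
	fmt.Println(len(files), err)
}
```

With the `items` entry from the YAML above, the container sees one file; `dp_key` stays out of the mount, which is the least-exposure behaviour the issue asks for.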

@rahman-duran rahman-duran added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 17, 2023
@Luap99 Luap99 added the kube label Mar 17, 2023
@rhatdan
Member

rhatdan commented Mar 18, 2023

@umohnani8 thoughts?

@umohnani8
Member

yup, items should be used when specified for secrets as well. Opened #17995 to fix this.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 28, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 28, 2023