Mounting Secrets
To mount confidential data into your workspaces, use Kubernetes Secrets.
Using Kubernetes Secrets, you can mount usernames, passwords, SSH key pairs, authentication tokens (for example, for AWS), and sensitive configurations.
Mount Kubernetes Secrets to the Dev Workspace containers in the Kubernetes cluster of your organization’s Che instance.
-
An active
kubectlsession with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl. -
You have created a new Secret or determined an existing one in your user namespace to mount to all
Dev Workspacecontainers.
-
Determine an existing ConfigMap or Secret in your user namespace to mount to all workspace containers.
-
Set the required labels for mounting.
$ kubectl label secret <Secret_name> \ controller.devfile.io/mount-to-devworkspace=true \ controller.devfile.io/watch-secret=true -
Optional: Use the annotations to configure how the Secret is mounted.
Table 1. Optional annotations Annotation Description controller.devfile.io/mount-path:Specifies the mount path.
Defaults to
/etc/secret/<Secret_name>.controller.devfile.io/mount-as:Specifies how the resource should be mounted:
file,subpath, orenv.Defaults to
file.mount-as: filemounts the keys and values as files within the mount path.mount-as: subpathmounts the keys and values within the mount path using subpath volume mounts.mount-as: envmounts the keys and values as environment variables in allDev Workspacecontainers.
apiVersion: v1
kind: Secret
metadata:
name: mvn-settings-secret
labels:
controller.devfile.io/mount-to-devworkspace: 'true'
controller.devfile.io/watch-secret: 'true'
annotations:
controller.devfile.io/mount-path: '/home/user/.m2'
data:
settings.xml: <Base64_encoded_content>When you start a workspace, the /home/user/.m2/settings.xml file will be available in the Dev Workspace containers.
With Maven, you can set a custom path for the settings.xml file.
For example:
$ mvn --settings /home/user/.m2/settings.xml clean install