Mounting Secrets
To mount confidential data into your workspaces, use Kubernetes Secrets.
Using Kubernetes Secrets, you can mount usernames, passwords, SSH key pairs, authentication tokens (for example, for AWS), and sensitive configurations.
Mount Kubernetes Secrets to the Dev Workspace
containers in the Kubernetes cluster of your organization’s Che instance.
-
An active
kubectl
session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl. -
You have created a new Secret or determined an existing one in your user namespace to mount to all
Dev Workspace
containers.
-
Determine an existing ConfigMap or Secret in your user namespace to mount to all workspace containers.
-
Set the required labels for mounting.
$ kubectl label secret <Secret_name> \ controller.devfile.io/mount-to-devworkspace=true \ controller.devfile.io/watch-secret=true
-
Optional: Use the annotations to configure how the Secret is mounted.
Table 1. Optional annotations Annotation Description controller.devfile.io/mount-path:
Specifies the mount path.
Defaults to
/etc/secret/<Secret_name>
.controller.devfile.io/mount-as:
Specifies how the resource should be mounted:
file
,subpath
, orenv
.Defaults to
file
.mount-as: file
mounts the keys and values as files within the mount path.mount-as: subpath
mounts the keys and values within the mount path using subpath volume mounts.mount-as: env
mounts the keys and values as environment variables in allDev Workspace
containers.
apiVersion: v1
kind: Secret
metadata:
name: mvn-settings-secret
labels:
controller.devfile.io/mount-to-devworkspace: 'true'
controller.devfile.io/watch-secret: 'true'
annotations:
controller.devfile.io/mount-path: '/home/user/.m2'
data:
settings.xml: <Base64_encoded_content>
When you start a workspace, the /home/user/.m2/settings.xml
file will be available in the Dev Workspace
containers.
With Maven, you can set a custom path for the settings.xml
file.
For example:
$ mvn --settings /home/user/.m2/settings.xml clean install