Configure a Pod to Use a Projected Volume for Storage

This page shows how to use a projected Volume to mount several existing volume sources into the same directory. Currently, secret, configMap, downwardAPI, and serviceAccountToken volumes can be projected.

Note:

serviceAccountToken is not a volume type.

Before you begin

You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

To check the version, enter kubectl version.

Configure a projected volume for a pod

In this exercise, you create username and password Secrets from local files. You then create a Pod that runs one container, using a projected Volume to mount the Secrets into the same shared directory.

Here is the configuration file for the Pod:

  1. pods/storage/projected.yaml
  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4. name: test-projected-volume
  5. spec:
  6. containers:
  7. - name: test-projected-volume
  8. image: busybox:1.28
  9. args:
  10. - sleep
  11. - "86400"
  12. volumeMounts:
  13. - name: all-in-one
  14. mountPath: "/projected-volume"
  15. readOnly: true
  16. volumes:
  17. - name: all-in-one
  18. projected:
  19. sources:
  20. - secret:
  21. name: user
  22. - secret:
  23. name: pass
  1. Create the Secrets:

    1. # Create files containing the username and password:
    2. echo -n "admin" > ./username.txt
    3. echo -n "1f2d1e2e67df" > ./password.txt
    4. # Package these files into secrets:
    5. kubectl create secret generic user --from-file=./username.txt
    6. kubectl create secret generic pass --from-file=./password.txt
  2. Create the Pod:

    1. kubectl apply -f https://k8s.io/examples/pods/storage/projected.yaml
  3. Verify that the Pod’s container is running, and then watch for changes to the Pod:

    1. kubectl get --watch pod test-projected-volume

    The output looks like this:

    1. NAME READY STATUS RESTARTS AGE
    2. test-projected-volume 1/1 Running 0 14s
  4. In another terminal, get a shell to the running container:

    1. kubectl exec -it test-projected-volume -- /bin/sh
  5. In your shell, verify that the projected-volume directory contains your projected sources:

    1. ls /projected-volume/

Clean up

Delete the Pod and the Secrets:

  1. kubectl delete pod test-projected-volume
  2. kubectl delete secret user pass

What’s next