Projected Volume

Projected volume maps multiple volume sources into a single directory. This means that it allows us to mount secrets, configmaps etc to the same volume mount.

Types of supported volume sources are:

secret
configMap
serviceAccountToken
downwardAPI
clusterTrustBundle

An example projected volume that maps secrets and configmap to pod volume.

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    type: router
  namespace: learning
spec:
  containers:
    - name: nginx-con
      image: nginx
      volumeMounts:
        - name: projected
          mountPath: /projected
  volumes:
    - name: projected
      projected:
        sources:
          - configMap:
              name: urls
              items:
                - key: HOMEPAGE
                  path: config/homepage
          - secret:
              name: user-cred
              items:
                - key: USERNAME
                  path: secret/username
                - key: PASSWORD
                  path: secret/password

sources defines different supported sources. path defines the relative sub path to mounted path which is /projected.

Followings are configmap and secret.

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: urls
  namespace: learning
data:
  HOMEPAGE: website.com/home
  CONTACT: website.com/contact
 
---
apiVersion: v1
kind: Secret
metadata:
  name: user-cred
  namespace: learning
data:
  USERNAME: dXNlcm5hbWUK
  PASSWORD: cGFzc3dvcmQK

Once we create pod, we should be able to access these at /projected with configmap at /projected/config/* and secret at /projected/secret/*.

References

https://kubernetes.io/docs/concepts/storage/projected-volumes/

bitPhile

Explorer

Projected Volume

Projected Volume

References

Graph View

Table of Contents

Backlinks