Mount Secret as Volume

Secrets can be mounted as volume to pod where each key is created as file and secret value is content inside the file.

We can create secret as volume as follows.

apiVersion: v1
kind: Pod
metadata:
  name: secret-volume
  namespace: learning
spec:
  containers:
    - name: nginx
      image: nginx
      volumeMounts:
        - name: secrets
          mountPath: /secrets
  volumes:
    - name: secrets
      secret:
        secretName: credentials

We must ensure that the secret exists in the system.

apiVersion: v1
kind: Secret
metadata:
  name: credentials
  namespace: learning
data:
  USERNAME: dXNlcm5hbWUK
  PASSWORD: cGFzc3dvcmQK

This will mount files USERNAME and PASSWORD to path /secrets in pod with their decoded content. These mounts are ReadOnly.