Skip to content

Instantly share code, notes, and snippets.

@rbo

rbo/README.md

Created February 2, 2021 15:57
Show Gist options
  • Save rbo/22a1e6d905c1c85015890972b2adc4f2 to your computer and use it in GitHub Desktop.
Save rbo/22a1e6d905c1c85015890972b2adc4f2 to your computer and use it in GitHub Desktop.
Download ZIP
Kubernetes secret default mode
Raw
README.md 
oc apply -f - <<EOF
apiVersion: v1
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
kind: Secret
metadata:
  name: mysecret
type: Opaque
EOF

oc apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: without-defaultmode
spec:
  containers:
  - name: busybox
    image: quay.io/prometheus/busybox
    command:
    - /bin/sh
    - "-c" 
    - |
      ls -la /etc/foo/..data/
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
  volumes:
  - name: foo
    secret:
      secretName: mysecret
EOF

$ oc logs pod/without-defaultmode
total 8
drwxr-xr-x    2 root     root            80 Feb  2 15:24 .
drwxrwxrwt    3 root     root           120 Feb  2 15:24 ..
-rw-r--r--    1 root     root            12 Feb  2 15:24 password
-rw-r--r--    1 root     root             5 Feb  2 15:24 username

oc apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: defaultmode
spec:
  containers:
  - name: busybox
    image: quay.io/prometheus/busybox
    command:
    - /bin/sh
    - "-c" 
    - |
      ls -la /etc/foo/..data/
      sleep infitiy
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      defaultMode: 0400
EOF

$ oc logs defaultmode
total 8
drwxr-xr-x    2 root     root            80 Feb  2 15:25 .
drwxrwxrwt    3 root     root           120 Feb  2 15:25 ..
-r--------    1 root     root            12 Feb  2 15:25 password
-r--------    1 root     root             5 Feb  2 15:25 username
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment