Mounting Secrets
To mount confidential data into your workspaces, use Kubernetes Secrets.
Using Kubernetes Secrets, you can mount usernames, passwords, SSH key pairs, authentication tokens (for example, for AWS), and sensitive configurations.
Mount Kubernetes Secrets to the DevWorkspace containers in the Kubernetes cluster of your organization’s Che instance.
- An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.
- In your user namespace, you created a new Secret or determined an existing Secret to mount to all DevWorkspace containers.
- Add the labels, which are required for mounting the Secret, to the Secret.
  $ kubectl label secret <Secret_name> \
      controller.devfile.io/mount-to-devworkspace=true \
      controller.devfile.io/watch-secret=true
- Optional: Use the annotations to configure how the Secret is mounted.
Table 1. Optional annotations

| Annotation | Description |
|---|---|
| controller.devfile.io/mount-path: | Specifies the mount path. Defaults to /etc/secret/<Secret_name>. |
| controller.devfile.io/mount-as: | Specifies how the resource should be mounted: file, subpath, or env. Defaults to file. mount-as: file mounts the keys and values as files within the mount path. mount-as: subpath mounts the keys and values within the mount path using subpath volume mounts. mount-as: env mounts the keys and values as environment variables in all DevWorkspace containers. |
apiVersion: v1
kind: Secret
metadata:
  name: mvn-settings-secret
  labels:
    controller.devfile.io/mount-to-devworkspace: 'true'
    controller.devfile.io/watch-secret: 'true'
  annotations:
    controller.devfile.io/mount-path: '/home/user/.m2'
data:
  settings.xml: <Base64_encoded_content>
When you start a workspace, the /home/user/.m2/settings.xml file will be available in the DevWorkspace containers.
With Maven, you can set a custom path for the settings.xml file. For example:
$ mvn --settings /home/user/.m2/settings.xml clean install
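
The labels, annotations, and Base64-encoded data described above can also be written into a single manifest. The following shell function is an added example, not part of the Che documentation; the function name render_devworkspace_secret and its argument order are assumptions made for illustration. It builds the Secret from a local file and rejects a mount-as value other than the three listed in Table 1.

```shell
#!/bin/sh
# Added example: render a Secret manifest that is labeled for mounting into
# DevWorkspace containers. Nothing is sent to the cluster here; pipe the
# output to `kubectl apply -f -` in your user namespace.
#
# Usage (hypothetical helper):
#   render_devworkspace_secret <secret_name> <mount_path> <mount_as> <file>
render_devworkspace_secret() {
    name=$1 mount_path=$2 mount_as=$3 file=$4

    # Only the three values listed in Table 1 are accepted.
    case "$mount_as" in
        file|subpath|env) ;;
        *) echo "mount-as must be file, subpath, or env: $mount_as" >&2
           return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Values under `data:` must be Base64; remove the line wraps base64 adds.
    encoded=$(base64 < "$file" | tr -d '\n')
    # The key becomes the file name under the mount path.
    key=$(basename "$file")

    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  labels:
    controller.devfile.io/mount-to-devworkspace: 'true'
    controller.devfile.io/watch-secret: 'true'
  annotations:
    controller.devfile.io/mount-path: '$mount_path'
    controller.devfile.io/mount-as: '$mount_as'
data:
  $key: $encoded
EOF
}
```

Base64 under data: is an encoding, not encryption, so handle the rendered manifest with the same care as the source file.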