If I create a secret from an id_rsa file using kubectl as:

    kubectl create secret generic hcom-secret --from-file=ssh-privatekey=./.ssh/id_rsa
A
Since kubernetes-1.4 things got simpler. Here's my take on how to improve the official Kubernetes howto.
To create the secret, use:

    kubectl create secret generic ssh-keys --from-file=id_rsa=/path/to/.ssh/id_rsa --from-file=id_rsa.pub=/path/to/.ssh/id_rsa.pub

To mount the secret in your containers, use the following Pod config:

    apiVersion: v1
    kind: Pod
    metadata:
      name: secret-test-pod
      labels:
        name: secret-test
    spec:
      volumes:
      - name: ssh-keys-v
        secret:
          secretName: ssh-keys
          defaultMode: 0600
      containers:
      - name: ssh-test-container
        image: mySshImage
        volumeMounts:
        - name: ssh-keys-v
          readOnly: true
          # container will see /root/.ssh/id_rsa as usual:
          mountPath: "/root/.ssh"

Also, nitpick: the id_rsa.pub is hardly ever used; I wouldn't bother to secretize it until required.
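
An added example, not part of the answer above: a small audit that checks a Pod manifest for the two settings the answer relies on, `defaultMode` restricted to the owner and `readOnly: true` on the mount. It assumes the manifest is available as JSON (for instance from `kubectl get pod -o json`); `audit_secret_mounts`, `weakened_copy` and the sample data are hypothetical names constructed for illustration, and only `containers` (not `initContainers`) are inspected.

```python
import copy
import json

K8S_DEFAULT_MODE = 0o644  # what Kubernetes applies when defaultMode is omitted

# Constructed sample: the Pod from the answer as JSON. JSON has no octal
# literals, so YAML's 0600 has to be written as decimal 384.
ANSWER_POD = json.loads("""
{"kind": "Pod", "metadata": {"name": "secret-test-pod"},
 "spec": {
  "volumes": [{"name": "ssh-keys-v",
               "secret": {"secretName": "ssh-keys", "defaultMode": 384}}],
  "containers": [{"name": "ssh-test-container", "image": "mySshImage",
                  "volumeMounts": [{"name": "ssh-keys-v", "readOnly": true,
                                    "mountPath": "/root/.ssh"}]}]}}
""")

def audit_secret_mounts(pod):
    """Return findings for secret volumes whose files or mounts are too open."""
    findings = []
    spec = pod.get("spec", {})
    secret_vols = {v["name"]: v["secret"]
                   for v in spec.get("volumes", []) if "secret" in v}
    for name, secret in secret_vols.items():
        default = secret.get("defaultMode", K8S_DEFAULT_MODE)
        items = secret.get("items")
        # With "items", only the listed keys are projected, each with its own
        # optional "mode"; without it, every key gets defaultMode.
        if items:
            modes = {i["path"]: i.get("mode", default) for i in items}
        else:
            modes = {"<all keys>": default}
        for path, mode in modes.items():
            if mode & 0o077:  # any group/other permission bit set
                findings.append(f"{name}: {path} has mode {mode:04o}")
    for c in spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in secret_vols and not m.get("readOnly", False):
                findings.append(f"{c['name']}: {m['name']} mounted read-write")
    return findings

def weakened_copy(pod):
    """Constructed failure case: drop defaultMode and readOnly from the Pod."""
    bad = copy.deepcopy(pod)
    del bad["spec"]["volumes"][0]["secret"]["defaultMode"]
    del bad["spec"]["containers"][0]["volumeMounts"][0]["readOnly"]
    return bad

if __name__ == "__main__":
    print(audit_secret_mounts(ANSWER_POD))
    print(audit_secret_mounts(weakened_copy(ANSWER_POD)))
```

The `items` branch also covers the nitpick above: a volume that projects only `id_rsa` with its own `mode` is judged on that mode rather than on `defaultMode`.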