Re: secrets and configmap

khokha · ‎01-03-2024

Hello everyone,

I've few questions about secrets and configmaps.

1- if i create a deployment and added to it secret but the deployment doesn't require it (secret), will this affect the operation of the application?

2- if the deployment requires a volume and i didn't add it will this make the deployment doesn't work?

3- if a deployment reqiures a configmap and it should be mounted at certain path , if it is misconfigured (mount path) will this affect the deployment operation?

4- if the deployment has pvc will it contain all the volumes in the deployment or only those mounted at the same path of the pvc?

Thanks in advance

Chetan_Tiwary_ · ‎01-03-2024

@khokha AFAIK

"if the deployment requires a volume and i didn't add it will this make the deployment doesn't work?" - yes the deployment will fail to start.

https://kubernetes.io/docs/concepts/storage/volumes/

" if a deployment reqiures a configmap and it should be mounted at certain path , if it is misconfigured (mount path) will this affect the deployment operation?"
- If you reference a ConfigMap that doesn't exist and you don't mark the reference as optional, the Pod won't start. Similarly, references to keys that don't exist in the ConfigMap will also prevent the Pod from starting, unless you mark the key references as optional.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#:~:text=The%20Conf...

"if the deployment has pvc will it contain all the volumes in the deployment or only those mounted at the same path of the pvc?"

- pvc is a request to storage ( It only provides storage for volumes referencing it ) while volumes define how pods will utilise the storage - There can be different volumes in the deployment with different source and a different mount path like emptyDir, hostPath , configMap, local, nfs etc

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#:~:text=A%20PersistentVolumeClaim%20...

khokha · ‎01-03-2024

hi @Chetan_Tiwary_

Thanks for your reply.

For the second point of misconfigured mount path of configmap, if the configmap exists but it should be mounted but the configmap isn't mounted or mounted at wrong mount path, will this prevent the app from working?

For the last point of pvc, if the pvc is mounted at /dir. and there're volumes that has data at /dir./file will the pvc contain this data (/dir./file)?

Adding secrets or volumes that aren't required by the application, will affect its operation?

Chetan_Tiwary_ · ‎01-03-2024

Yes the app wont work if the desired configMap is not mounted properly as per the app requirements.

If I understood your question correctly , yes I think, as long as the underlying PV is the same, else No.

To share one volume for multiple uses in a single pod use - volumeMounts.subPath

https://kubernetes.io/docs/concepts/storage/volumes/#using-subpath

I dont think adding secrets not required by app will afftect an app's operation generally speaking but it can have other implications on resources and security.

khokha · ‎01-04-2024

@Chetan_Tiwary_

What you mean with sharing one volume for multiple uses?

If i create a secret that has additional files that aren't required by the application, will this cause any problems?

What is the difference between when i set a secret as environment variable and when i set it as volume?

For attaching configmaps and secrets created from files we can't use command oc set env and have to use oc set volume?

Thanks

secrets and configmap

containers

Kubernetes

OpenShift