graywolf

Reputation: 77

How to set default mode for secrets?

When secrets are created, they are 0755 owned by root:

    / # ls -al /var/run/secrets/
    total 0
    drwxr-xr-x    4 root     root            52 Apr 16 21:56 .
    drwxr-xr-x    1 root     root            21 Apr 16 21:56 ..
    drwxr-xr-x    3 root     root            28 Apr 16 21:56 eks.amazonaws.com
    drwxr-xr-x    3 root     root            28 Apr 16 21:56 kubernetes.io

I want them to be 0700 instead. I know that for regular secret volumes I can use

            - name: vol-sec-smtp
              secret:
                defaultMode: 0600
                secretName: smtp

and it will mount (at least the secret files themselves) as 0600. Can I achieve the same with the secrets located at /var/run/secrets directly from the yaml file?

Upvotes: 1

Views: 3122

Answers (1)

coderanger

Reputation: 54211

You can disable the default service account token mount and then mount it yourself as you showed.

Upvotes: 2
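
The approach from the answer above, written out as a manifest. This is an added example, not part of the original answer; the pod name, image and volume name are placeholders, and it assumes the namespace has the kube-root-ca.crt ConfigMap.

```yaml
# Added example: names and image are placeholders, not from the original post.
apiVersion: v1
kind: Pod
metadata:
  name: token-mode-demo            # hypothetical name
spec:
  serviceAccountName: default
  # Stop the kubelet from adding the default token volume.
  automountServiceAccountToken: false
  containers:
    - name: app
      image: registry.example.com/app:placeholder   # placeholder image
      volumeMounts:
        - name: sa-token
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          readOnly: true
  volumes:
    - name: sa-token
      projected:
        # Applies to the projected files, as with the secret volume in the question.
        defaultMode: 0400
        sources:
          - serviceAccountToken:
              path: token
              expirationSeconds: 3600
          - configMap:
              # Assumption: this ConfigMap is present in the pod's namespace.
              name: kube-root-ca.crt
              items:
                - key: ca.crt
                  path: ca.crt
          - downwardAPI:
              items:
                - path: namespace
                  fieldRef:
                    fieldPath: metadata.namespace
```

This assumes the container runs as root, since a 0400 file it does not own would be unreadable to it. The eks.amazonaws.com directory in the listing is a separate mount that this manifest does not change.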
