Reputation: 51
There is an init container which copies keystore.jks from a Nexus repo into a volume during the build of the Docker file via curl. Then, once the init container is alive, the Python code takes that keystore.jks and makes the necessary updates, and then the init container dies. What we are trying to do is store this keystore.jks as a secret in OpenShift, but how do we copy the secret into the volume once the init container is alive, so that the Python code can use it as it did before? Thanks in advance for any comments/help!
Upvotes: 0
Views: 1415
Reputation: 30113
As @larsks suggests, you can mount the secret to a volume and use it for the main container.
Here is a YAML configuration that might help you understand.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: ssh-key
  namespace: acme
data:
  id_rsa: {{ secret_value_base64_encoded }}
```
Now add the secret to the mount path:
```yaml
spec:
  template:
    spec:
      containers:
      - image: "my-image:latest"
        name: my-app
        # ...
        volumeMounts:
        - mountPath: "/var/my-app"
          name: ssh-key
          readOnly: true
      initContainers:
      - command:
        - sh
        - -c
        - chown -R 1000:1000 /var/my-app # if any changes are required
        image: busybox:1.29.2
        name: set-dir-owner
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /var/my-app
          name: ssh-key
      volumes:
      - name: ssh-key
        secret:
          secretName: ssh-key
```
As suggested, the better option is to directly mount the secret to the main container without an init container.
```yaml
spec:
  template:
    spec:
      containers:
      - image: "my-image:latest"
        name: my-app
        # ...
        volumeMounts:
        - mountPath: "/var/my-app"
          name: ssh-key
          readOnly: true
      volumes:
      - name: ssh-key
        secret:
          secretName: ssh-key
```
Upvotes: 1
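For the case in the question, where the init container has to modify the keystore: secret volumes are mounted read-only, so one approach is to copy the file into an `emptyDir` in the init container, update the copy there, and mount that `emptyDir` read-only in the main container. This is an added example, not part of the answer above; the Secret name `keystore`, the volume and container names, the init image, the paths and the `update_keystore.py` script are assumptions.

```yaml
# Added example. Assumed Secret, created from the existing file:
#   oc create secret generic keystore --from-file=keystore.jks
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  initContainers:
  - name: update-keystore            # hypothetical name
    image: "my-init-image:latest"    # hypothetical image containing python
    command:
    - sh
    - -c
    # The secret mount is read-only: copy first, then modify the copy.
    - |
      set -eu
      umask 077
      cp /secrets/keystore.jks /work/keystore.jks
      python /opt/update_keystore.py /work/keystore.jks
    securityContext:
      allowPrivilegeEscalation: false   # no privileged: true needed
    volumeMounts:
    - name: keystore-secret
      mountPath: /secrets
      readOnly: true
    - name: keystore-work
      mountPath: /work
  containers:
  - name: my-app
    image: "my-image:latest"
    securityContext:
      allowPrivilegeEscalation: false
    volumeMounts:
    - name: keystore-work            # main container sees only the updated copy
      mountPath: /var/my-app
      readOnly: true
  volumes:
  - name: keystore-secret
    secret:
      secretName: keystore
      # Group-readable only; assumes the pod runs with an fsGroup
      # (OpenShift's restricted SCC assigns one).
      defaultMode: 0440
  - name: keystore-work
    emptyDir:
      medium: Memory                 # keep the modified keystore off node disk
```

Because the init container and the main container share the pod's `emptyDir`, the updated keystore is in place before the main container starts, and the original Secret object is never changed.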