starlingx/docs
Code Issues Proposed changes
master
docs/doc/source/kube-virt/vm-using-secret-as-startup-configuration-4a8255e26b1f.rst
Elisamara Aoki Goncalves 1f91cd1ee0 Update documentation for Kubevirt 
Add Usage Examples sections.
Create KubeVirt Architecture section.
Fix minor editorial issues.
Fix grammar and formatting issues.

Story: 2010931
Task: 50286

Change-Id: I6118d0af848d07f3764eeae5ea8467864c65fceb
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
2024-09-04 22:08:20 +00:00

2.8 KiB
Raw Permalink Blame History

VM Using Secret as Startup Configuration

A secret can be presented to the as disk or as a filesystem.

The disk method does not support dynamic change propagation and the filesystem method does not support live migration. Therefore, depending on the use-case, one or the other may be more suitable.

Example of the creation of a Secret:

apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  username: YWxheA==
  password: TGk2OW51eCo=

Example of a using secret as filesystem:

apiVersion: kubevirt.io/v1
kind: VirtualMachineInstance
metadata:
  labels:
    special: vmi-fedora
  name: vmi-fedora-secret
spec:
  domain:
    devices:
      filesystems:
        - name: app-secret-fs
          virtiofs: {}
      disks:
        - disk:
            bus: virtio
          name: containerdisk
    machine:
      type: ""
    resources:
      requests:
        memory: 1024M
  terminationGracePeriodSeconds: 0
  volumes:
    - name: containerdisk
      containerDisk:
        image: quay.io/containerdisks/fedora:latest
    - cloudInitNoCloud:
        userData: |-
          #cloud-config
          chpasswd:
            expire: false
          password: fedora
          user: fedora
          bootcmd:
            # mount the Secret
            - "sudo mkdir /mnt/app-secret"
            - "sudo mount -t virtiofs app-secret-fs /mnt/app-secret"
      name: cloudinitdisk
    - secret:
        secretName: app-secret
      name: app-secret-fs

Then, you can login to to verify:

[fedora@vmi-fedora-secret ~]$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/vda5       4.0G  453M  3.1G  13% /
devtmpfs        4.0M     0  4.0M   0% /dev
tmpfs           450M     0  450M   0% /dev/shm
tmpfs           180M  720K  179M   1% /run
tmpfs           450M     0  450M   0% /tmp
/dev/vda2       966M   61M  840M   7% /boot
/dev/vda3       100M   12M   89M  12% /boot/efi
/dev/vda5       4.0G  453M  3.1G  13% /home
app-secret-fs    94G  8.0K   94G   1% /mnt/app-secret
tmpfs            90M  4.0K   90M   1% /run/user/1000
[fedora@vmi-fedora-secret ~]$ ls -lrth /mnt/app-secret
total 0
lrwxrwxrwx. 1 root 107 15 Jan 15 16:43 username -> ..data/username
lrwxrwxrwx. 1 root 107 15 Jan 15 16:43 password -> ..data/password