When using a Docker strategy, you can add all defined input secrets into your container image using the ADD and COPY instructions in your Dockerfile.

If you do not specify the destinationDir for a secret, then the files will be copied into the same directory in which the Dockerfile is located. If you specify a relative path as destinationDir, then the secrets will be copied into that directory, relative to your Dockerfile location. This makes the secret files available to the Docker build operation as part of the context directory used during the build.
```dockerfile
FROM centos/ruby-22-centos7

USER root
COPY ./secret-dir /secrets
COPY ./config /

# Create a shell script that will output secrets and ConfigMaps when the image is run
RUN echo '#!/bin/sh' > /input_report.sh
RUN echo '(test -f /secrets/secret1 && echo -n "secret1=" && cat /secrets/secret1)' >> /input_report.sh
RUN echo '(test -f /config && echo -n "relative-configMap=" && cat /config)' >> /input_report.sh
RUN chmod 755 /input_report.sh

CMD ["/bin/sh", "-c", "/input_report.sh"]
```
Note: Users should normally remove their input secrets from the final application image so that the secrets are not present in the container running from that image. However, the secrets will still exist in the image itself in the layer where they were added. This removal should be part of the Dockerfile itself.
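The layer behavior described in the note can be checked with a short audit script. This is an added example, not part of the original documentation: it builds constructed in-memory layers that mirror the Dockerfile above plus an assumed `RUN rm -rf /secrets` step, and relies on the OCI whiteout convention (a `.wh.`-prefixed marker file) that image layers use to record deletions. The function name `audit_layers` and all file contents are hypothetical.

```python
import io
import tarfile

def make_layer(files):
    """Build one image layer as an in-memory tar archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed layers mirroring the Dockerfile above, plus a removal step.
SAMPLE_LAYERS = [
    make_layer({"bin/sh": b"base image"}),            # FROM ...
    make_layer({"secrets/secret1": b"constructed"}),  # COPY ./secret-dir /secrets
    make_layer({"config": b"key=value"}),             # COPY ./config /
    make_layer({".wh.secrets": b""}),                 # RUN rm -rf /secrets (assumed)
]

def audit_layers(layers, secret_prefix="secrets/"):
    """Return (visible, leaked): files seen by the running container, and
    secret paths hidden from it but still stored in an earlier layer."""
    visible = set()
    stored = {}  # secret path -> indexes of layers that hold its content
    for idx, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar.getmembers():
                parent, _, base = member.name.rpartition("/")
                if base.startswith(".wh."):
                    # Whiteout marker: hides the path in the merged view only.
                    target = (parent + "/" if parent else "") + base[4:]
                    visible = {p for p in visible
                               if p != target and not p.startswith(target + "/")}
                elif member.isfile():
                    visible.add(member.name)
                    if member.name.startswith(secret_prefix):
                        stored.setdefault(member.name, []).append(idx)
    leaked = {p: i for p, i in stored.items() if p not in visible}
    return sorted(visible), leaked

if __name__ == "__main__":
    visible, leaked = audit_layers(SAMPLE_LAYERS)
    print("visible in container:", visible)
    print("removed but still stored in layers:", leaked)
```

The same check can be run over the layer tarballs of an exported image to confirm whether a removal step left secret files readable in earlier layers.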