dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/daprdocs/content/en/operations/hosting/kubernetes/kubernetes-volume-mounts.md

3.1 KiB
Raw Blame History

type title linkTitle weight description
docs How-to: Mount Pod volumes to the Dapr sidecar How-to: Mount Pod volumes 80000 Configure the Dapr sidecar to mount Pod Volumes

Introduction

The Dapr sidecar can be configured to mount any Volume attached to the application Pod. These volumes can be accessed by the sidecar in read-only or read-write modes. If a Volume is configured to be mounted but it does not exist in the Pod, Dapr logs a warning and ignores it. For more information on different types of Volumes, check Volumes | Kubernetes.

Configuration

You can set the following annotations in your deployment YAML:

  1. dapr.io/volume-mounts: for read-only volume mounts
  2. dapr.io/volume-mounts-rw: for read-write volume mounts

These annotations are comma separated pairs of volume:path. Make sure that the corresponding Volumes exist in the Pod spec.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: default
  labels:
    app: myapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
      annotations:
        dapr.io/enabled: "true"
        dapr.io/app-id: "myapp"
        dapr.io/app-port: "8000"
        dapr.io/volume-mounts: "my-volume1:/tmp/sample1,my-volume2:/tmp/sample2"
        dapr.io/volume-mounts-rw: "my-volume3:/tmp/sample3"
    spec:
      volumes:
        - name: my-volume1
          hostPath:
            path: /sample
        - name: my-volume2
          persistentVolumeClaim:
            claimName: pv-sample
        - name: my-volume3
          emptyDir: {}
...

Example

Custom secrets storage using local file secret store

Since any type of Kubernetes Volume can be attached to the sidecar, you can use the local file secret store to read secrets from a variety of places. For example, if you have a Network File Share (NFS) server running at 10.201.202.203, with secrets stored at /secrets/stage/secrets.json, you can use that as a secrets storage.

  1. Configure the application pod to mount the NFS and attach it to the Dapr sidecar.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
...
spec:
  ...
  template:
    ...
      annotations:
        dapr.io/enabled: "true"
        dapr.io/app-id: "myapp"
        dapr.io/app-port: "8000"
        dapr.io/volume-mounts: "nfs-ss-vol:/usr/secrets"
    spec:
      volumes:
        - name: nfs-ss-vol
          nfs:
            server: 10.201.202.203
            path: /secrets/stage
...
  1. Point the local file secret store component to the attached file.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: local-secret-store
  namespace: default
spec:
  type: secretstores.local.file
  version: v1
  metadata:
  - name: secretsFile
    value: /usr/secrets/secrets.json
  1. Use the secrets.
GET http://localhost:<daprPort>/v1.0/secrets/local-secret-store/my-secret

Related links

  • [Dapr Kubernetes pod annotations spec]({{< ref arguments-annotations-overview.md >}})