The FileParameterProvider maps a directory to a parameter group named after the directory, and the files within the directory to parameters. Each file's name is mapped to a parameter, and the content of the file becomes the value. Hidden files and nested directories are ignored.
While this provider can be useful in a range of cases, it particularly matches the mounted volume secret structure in Kubernetes. A full discussion of Kubernetes secrets is beyond the scope of this document, but a brief overview can illustrate how these secrets can be mapped to parameter groups.
Assume a secret is configured as follows:
data:
admin_username: my-username (base64-encoded)
admin_password: my-password (base64-encoded)
access_key: my-key (base64-encoded)
Assume a deployment has the following configuration:
spec:
volumes:
- name: system-credentials
secret:
items:
- key: admin_username
path: sys.admin.username
- key: admin_password
path: sys.admin.password
- key: access_key
path: sys.access.key
secretName: system-creds
containers:
- volumeMounts:
- mountPath: /etc/secrets/system-credentials
name: system-credentials
readOnly: true
Then, this secret will appear on disk as follows:
$ ls /etc/secrets/system-credentials
sys.access.key sys.admin.password sys.admin.username
Therefore, to map this secret to a parameter group that will populate a Parameter Context named 'system-credentials', you should simply provide the following configuration to the FileParameterProvider:
The 'system-credentials' parameter context will then contain the following parameters: