additionalMounts parameter

Use additionalMounts for mounting additional resources such as configMaps, secrets, and Persistent Volume Claims (PVC) to pods dynamically based on label matching.

This kind of dynamic mounting ensures that the application configurations, sensitive data, and storage resources are accessible to the containers. You can mount select volumes to specific pods without affecting the other pods. To achieve this, ensure that the pod label matches with the matchLabels that is defined in the additionalMounts. For more information about defining additionalMounts, see Use cases to define additionalMounts.

Note:
Truststore pods
  • Labels cannot be separately defined for truststore pods.
  • Truststore labels are inherited only from the SIPEnvironment.
Service pods
  • Labels can be defined at SIPEnvironment, service group, and server levels.
The following .yaml file is a sample schema of additionalMounts:
  additionalMounts:
    configMaps:
    - name: ""
      mountPath: ""
      # defaultMode: 420
      # subPath: ""
      # subPathExpr: ""
      # readOnly: false
      # mountPropagation: ""
      # matchLabels: {}
    secrets:
    - name: ""
      mountPath: ""
      # defaultMode: 420
      # subPath: ""
      # subPathExpr: ""
      # readOnly: false
      # mountPropagation: ""
      # matchLabels: {}
    storages:
    - name: ""
      mountPath: ""    
      # subPath: ""
      # matchLabels: {}
The following table explains the attributes applicable for both configMaps and secrets properties of additionalMounts parameter.
Property Default value Value type Required Description
name   string Yes Specify the name and make sure it matches the name of a configMap or a secret.
mountPath   string Yes Specify the path within the container where the volume should be mounted.
mountPropagation   string No This determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used.
readOnly false boolean No Mounted read-only if true, read-write otherwise (false or unspecified).
subPath "" (volumes's root) string No Path within the configMap or secret from which the container's volume should be mounted.
subPathExpr "" (volumes's root) string No Expanded path within the configMap or secret from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. SubPathExpr and SubPath are mutually exclusive.
matchLabels   object No Specify matchLabels as key-value pair.

If matchLabels are defined, the Operator matches this key-value pair with the key-value pair of podLabels that is defined in common parameter. If it matches, then the specified volumes are dynamically mounted. If matchLabels does not match with podLabels, the mounts are not applied.

If matchLabels are not defined, the Operator mounts the specified volumes to all pods by default.
defaultMode Decimal: 420
Octal: 0644		 integer No Specify the mode to set permissions on the files that are created by default. It must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
The following table explains the attributes applicable for storage property of additionalMounts spec.
Property Default value Value type Required Description
mountPath string Yes Specify the path to mount a PV onto the pod.
Note: Do not set the path to /shared.
name shared-volume string Yes Specify the name of the Persistent Volume claim.
matchLabels   object No Specify matchLabels as key-value pair.

If matchLabels are defined, the Operator matches this key-value pair with the key-value pair of podLabels that is defined in common parameter. If it matches, then the specified volumes are dynamically mounted. If matchLabels does not match with podLabels, the mounts are not applied.

If matchLabels are not defined, the Operator mounts the specified volumes to all pods by default.
subPath "" (volumes's root) string No Path within the Persistent Volume from which the container's volume should be mounted.