

Feature state: 1.1.0

The extraSecrets value in Kubedeploy allows deploying multiple custom Secret objects.

It also allows automatic mounting of Secrets in all containers of a Pod by defining custom mount parameters.


By default, extraSecrets in Kubedeploy will not deploy any Secret objects.

However, when Secrets are defined under this value, the chart will automatically prepend kubedeploy.fullname to the name of each defined Secret object to prevent collisions with other releases.

Define custom extraSecrets

nameOverride: my-app
image:
  repository: nginx
  tag: latest

extraSecrets:
  - name: opaque-secret
    type: Opaque # (optional) - Default: Opaque if unspecified
    mount: True # (optional) - should this secret be mounted as volume in containers
    mountPath: /mnt/secret-vol0 # (required if mount=True) - define mount path for this secret
    data:
      key: value # value will be automatically base64 encoded by chart template

  - name: tls-secret
    type: kubernetes.io/tls
    data:
      tls.crt: |
        -----BEGIN CERTIFICATE-----
        MIIC2DCCAcCgAwIBAgIBATANBgkqh ...
      tls.key: |
        -----BEGIN RSA PRIVATE KEY-----
        MIIEpgIBAAKCAQEA7yn3bRHQ5FHMQ ...

  - name: ssh-key-secret
    type: kubernetes.io/ssh-auth
    data:
      ssh-privatekey: |
        MIIEpQIBAAKCAQEAulqb/Y ...

Deploy command
helm install webapp sysbee/kubedeploy -f values.yaml

As a result of the above example, Kubedeploy will create three extra Secret objects named webapp-my-app-opaque-secret, webapp-my-app-tls-secret and webapp-my-app-ssh-key-secret.

The first Secret will also be mounted inside all of the Pod's containers at the /mnt/secret-vol0 path, exposing key as a file at /mnt/secret-vol0/key.


The Secret type parameter can be any of the Kubernetes Types of Secret. However, it is up to the end user to define the required keys in the data parameter for the Secret type being deployed.

If type is omitted, the Secret type will default to Opaque.
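
A pre-deploy check for the rules described above, as an added example that is not part of the Kubedeploy chart or its documentation: it computes the resulting Secret names, lists the files a mounted Secret will expose, and flags entries that lack the keys their type requires. The function name, the sample values and the `<release>-<nameOverride>` name format (taken from the example above) are assumptions.

```python
# Added example (not Kubedeploy code): lint extraSecrets before `helm install`.
# Keys Kubernetes requires in `data` for the built-in Secret types checked here.
REQUIRED_KEYS = {
    "kubernetes.io/tls": {"tls.crt", "tls.key"},
    "kubernetes.io/ssh-auth": {"ssh-privatekey"},
    "kubernetes.io/dockerconfigjson": {".dockerconfigjson"},
    "kubernetes.io/dockercfg": {".dockercfg"},
}


def lint_extra_secrets(values, release):
    """Return (secret_names, mounted_files, problems) for values['extraSecrets']."""
    # Assumption: fullname is "<release>-<nameOverride>", as in the page's example.
    fullname = f"{release}-{values['nameOverride']}"
    names, files, problems, seen = [], [], [], set()
    for entry in values.get("extraSecrets", []):
        name = entry.get("name", "<unnamed>")
        stype = entry.get("type", "Opaque")  # chart default when type is omitted
        data = entry.get("data") or {}
        names.append(f"{fullname}-{name}")
        if name in seen:
            problems.append(f"{name}: duplicate name")
        seen.add(name)
        missing = REQUIRED_KEYS.get(stype, set()) - set(data)
        if missing:
            problems.append(f"{name}: type {stype} is missing {sorted(missing)}")
        if entry.get("mount"):
            if not entry.get("mountPath"):
                problems.append(f"{name}: mount is set but mountPath is empty")
            else:
                # A Secret volume exposes each data key as a file under mountPath.
                files += [f"{entry['mountPath'].rstrip('/')}/{k}" for k in data]
    return names, files, problems


# Constructed sample modelled on values.yaml; the last two entries are broken on purpose.
SAMPLE = {
    "nameOverride": "my-app",
    "extraSecrets": [
        {"name": "opaque-secret", "mount": True, "mountPath": "/mnt/secret-vol0",
         "data": {"key": "value"}},
        {"name": "tls-secret", "type": "kubernetes.io/tls",
         "data": {"tls.crt": "<constructed PEM placeholder>"}},
        {"name": "ssh-key-secret", "type": "kubernetes.io/ssh-auth", "mount": True,
         "data": {"ssh-privatekey": "<constructed key placeholder>"}},
    ],
}

if __name__ == "__main__":
    print(lint_extra_secrets(SAMPLE, "webapp"))
```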


A common use case in the above scenario would be creating and automatically mounting any configuration files or secrets your application might need during its runtime.
