我可以将我的秘密注入特定路径
/vault/secret
,但无法将它们存储为 pod env,pod env 中没有秘密。路径 /vault/secrets
上的 pod 中的文件已存在。之后我有 2 个问题。
为什么它不起作用,有什么办法可以将它注入 pod env 中吗?
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
labels:
app: vault-agent-demo
spec:
selector:
matchLabels:
app: vault-agent-demo
replicas: 1
template:
metadata:
annotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-inject-status: "update"
vault.hashicorp.com/agent-inject-secret-sendmail: "secret/sendmail-api"
vault.hashicorp.com/agent-inject-template-sendmail: |
{{- with secret "secret/sendmail-api" -}}
export APIKEY="{{ .Data.data.APIKEY }}"
{{- end }}
vault.hashicorp.com/agent-inject-status: "update"
vault.hashicorp.com/agent-inject-secret--config: "secret/payment-api"
vault.hashicorp.com/agent-inject-template--config: |
{{ with secret "secret/payment-api" -}}
APIKEY="{{ .Data.data.APIKEY }}""
{{- end }}
vault.hashicorp.com/role: "myapp"
labels:
app: vault-agent-demo
spec:
serviceAccountName: app
containers:
- name: app
image: jweissig/app:0.0.1
command:
['sh', '-c']
args:
['source /vault/secrets/ && /app/web']