我正在使用以下 hashicope 注释,这些注释使用 kubectl patch sts app-sts --patch "$(cat template.json)" 命令在应用程序 pod 中进行了修补。
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-inject-status: "update"
vault.hashicorp.com/agent-extra-secret: 'vault-injector-secret'
vault.hashicorp.com/auth-type: 'approle'
vault.hashicorp.com/auth-path: 'auth/approle'
vault.hashicorp.com/auth-config-role-id-file-path: '/vault/custom/.role-id'
vault.hashicorp.com/auth-config-secret-id-file-path: '/vault/custom/.secret-id'
vault.hashicorp.com/agent-inject-secret-vault-secrets.json: "/"
vault.hashicorp.com/secret-volume-path-vault-secrets.json : "/etc/app-secrets"
vault.hashicorp.com/template-static-secret-render-interval: "1m"
vault.hashicorp.com/agent-inject-template-vault-secrets.json: |
{}
即使我指定 vault.hashicorp.com/template-static-secret-render-interval: "1m",秘密文件也会每 5 分钟刷新一次。但我想让它每 1 分钟刷新一次。
为简单起见,我在这里将控制台模板留空。
有人可以帮我吗?