aws-samples / aws-secret-sidecar-injector

Kubernetes mutating webhook to fetch secrets from AWS Secrets Manager
MIT No Attribution

Changing mount point and ecrousseau/aws-secret-injector fork. #36

Closed darnone closed 3 years ago

darnone commented 4 years ago

Hello,

I am trying to make use of this. I am able to get the implementation from master to stand up. But I have a couple of questions. Is it possible to point the mount point to something other than /tmp/secret? Is it possible to mount secret-vol directly in a pod? Also, in a regular Kubernetes secret, each secret value is placed in a file with the key as the name of the file. /tmp/secret is not formatted. I have a container that is looking for secrets a la regular Kubernetes secret format.

The fork at ecrousseau/aws-secret-injector is closer to what we are looking for. But I cannot get it to stand up. First, the webhook name in the chart template webhook.yaml is secret-inject. Deploying that helm chart results in an error: Error: MutatingWebhookConfiguration.admissionregistration.k8s.io "secret-inject" is invalid: webhooks[0].name: Invalid value: "secret-inject": should be a domain with at least three segments separated by dots

So I changed the webhook name from secret-inject to secret-inject.aws.amazon.com. The webhook deploys but the deployment fails to create the test pod.

k get deployments.apps
NAME              READY   UP-TO-DATE   AVAILABLE   AGE
secret-inject     1/1     1            1           117s
secrets-testing   0/1     0            0           70s

jicowan commented 4 years ago

@darnone you will likely need to contact @ecrousseau about their fork and how to install it. I will also consider changing the file name from "secret" to the name of the secret in AWS Secrets Manager.
I am not sure what you mean by mounting secret-vol directly into a pod. The secret is written to a volume that is shared between the application container and the init container. You can change the path easily enough, but the secret has to be written to a location accessible to the init and application containers.

ecrousseau commented 3 years ago

Hi @darnone - I've fixed that invalid name in the helm chart for my fork - thanks! Please raise an issue over there if you need any further help using that particular version.

In regard to your question about mounting secrets in a different location - my fork allows you to do that by explicitly adding "secret-vol" to your deployment rather than letting the mutating webhook add it for you. Your pod template can then mount that volume in whatever location you like.
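A sketch of what that explicit declaration looks like, added here as an example that is not from the thread, the upstream project or the fork; the volume name `secret-vol` and the default `/tmp/secret` path come from the discussion above, while the annotation keys, the image name and the mount path `/etc/app/secrets` are assumptions for illustration:

```yaml
# Constructed example deployment: the pod template declares "secret-vol"
# itself so the injector reuses it instead of adding its own, and the
# application container mounts it wherever the app expects (assumed path).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: secrets-testing
spec:
  replicas: 1
  selector:
    matchLabels:
      app: secrets-testing
  template:
    metadata:
      labels:
        app: secrets-testing
      annotations:
        # Assumed annotation keys: substitute the ones documented by the
        # injector version you deploy (they opt the pod in and name the secret).
        example.invalid/secret-injector: "enabled"
        example.invalid/secret-arn: "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:NAME"
    spec:
      volumes:
        # Declared explicitly, with the name the injector looks for.
        # medium: Memory keeps the plaintext secret in tmpfs instead of on the
        # node's disk, and it disappears with the pod.
        - name: secret-vol
          emptyDir:
            medium: Memory
      containers:
        - name: app
          image: example.invalid/app:1.0   # assumed image
          volumeMounts:
            # Mounted at the app's own path instead of /tmp/secret, read-only
            # so the app cannot modify what the init container wrote.
            - name: secret-vol
              mountPath: /etc/app/secrets
              readOnly: true
      # The init container that fetches the secret is added by the webhook and
      # must write into this same volume, so keep the volume name unchanged.
```

The init container gets its own (writable) mount of the volume, so the read-only flag on the application container does not interfere with the injection step.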

jicowan commented 3 years ago

The ability to specify the mount and secret file name are in the latest PR.