In the current implementation, wrapper scripts initialized by security-bootstrapper are mounted into an RWX volume, and EdgeX containers use these wrapper scripts to replace the container entrypoints.
A better solution would be to install these wrappers as secrets, configmaps, or init-containers, in order to remove the depenency on the shared RWX volume.
In the current implementation, wrapper scripts initialized by security-bootstrapper are mounted into an RWX volume, and EdgeX containers use these wrapper scripts to replace the container entrypoints.
A better solution would be to install these wrappers as secrets, configmaps, or init-containers, in order to remove the depenency on the shared RWX volume.
See an example of this: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-initialization/