hashicorp / vault-k8s

First-class support for Vault and Kubernetes.
Mozilla Public License 2.0
786 stars 169 forks

Support vault secret inject while the main pod "automountServiceAccountToken" set false #601

Open TommyLike opened 7 months ago

TommyLike commented 7 months ago

Is your feature request related to a problem? Please describe. The vault injector works well, but for our security concern, is it possible to inject secrets into our deployment pod while "automountServiceAccountToken" is set to false?

Describe the solution you'd like see above

Describe alternatives you've considered Nope

Additional context To eliminate the security concern from our security team, who worried that we don't need to mount the service account token when the main pod does not need it.

TommyLike commented 7 months ago

Ok, I found the solution myself. Steps to disable auto-mounting the service account token in the business pod while it is still used by the init container:

  1. define the projected volume which uses the service account token in the deployment
  2. add automountServiceAccountToken=false in the deployment
  3. add the annotation "vault.hashicorp.com/agent-service-account-token-volume-name: ----the projected volume name----"

This configuration will make the deployment work as expected.
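The three steps above, written out as one manifest. This is an added example, not a manifest from the issue author or from the vault-k8s project. The namespace `demo`, the service account `web`, the Vault role `web`, the KV path `secret/data/web/config`, the volume name `vault-sa-token` and the mount path `/var/run/secrets/tokens` are all assumptions; the annotation keys themselves are the injector's own. The projected volume is mounted into the application container as well, so that the injector picks up its mount path and token file name for the agent sidecars, while the default `kube-api-access-*` token is no longer mounted because `automountServiceAccountToken` is `false`.

```yaml
# Added example: Vault Agent injection with automountServiceAccountToken disabled.
# All names below (namespace, service account, Vault role, secret path, volume
# name, mount path) are assumptions for illustration.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: web
  namespace: demo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        # Vault Kubernetes auth role that is bound to the "web" service account (assumed).
        vault.hashicorp.com/role: "web"
        # Secret to render; path is an assumed KV v2 location.
        vault.hashicorp.com/agent-inject-secret-config: "secret/data/web/config"
        # Step 3: point the injector at the projected volume defined below instead of
        # the default automounted token.
        vault.hashicorp.com/agent-service-account-token-volume-name: "vault-sa-token"
    spec:
      serviceAccountName: web
      # Step 2: do not mount the default service account token into any container.
      automountServiceAccountToken: false
      containers:
        - name: web
          image: nginx:1.25   # placeholder application image (assumed)
          ports:
            - containerPort: 80
          volumeMounts:
            # Mounting the projected volume here is what tells the injector where
            # the token lives; the agent init/sidecar containers reuse this path.
            - name: vault-sa-token
              mountPath: /var/run/secrets/tokens
              readOnly: true
      volumes:
        # Step 1: a projected volume carrying a bound, short-lived service account token.
        - name: vault-sa-token
          projected:
            sources:
              - serviceAccountToken:
                  path: token
                  expirationSeconds: 3600
```

After applying, confirm that the application container has no `kube-api-access-*` mount (for example with `kubectl get pod -n demo -l app=web -o jsonpath='{.items[0].spec.containers[0].volumeMounts}'`) and that the `vault-agent-init` container completed, which shows the agent authenticated with the projected token rather than the default one. If Vault's Kubernetes auth role has an `audience` configured, the projected `serviceAccountToken` source needs a matching `audience` field, otherwise the bound token will be rejected.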