hashicorp / vault-k8s

First-class support for Vault and Kubernetes.
Mozilla Public License 2.0

Support for windows kubernetes workloads #80

Open niranjan94 opened 4 years ago

niranjan94 commented 4 years ago

We use Kubernetes (AWS EKS) to manage both Linux and Windows workloads. We are now looking into using the vault-k8s injector to inject secrets into the pods. All of the tutorials seem to talk about Linux workloads. Are Windows workloads supported at this point?

FWest98 commented 4 years ago

Currently, it does not support Windows, and it does not look like it will support that any time soon. The current code seems to use in-memory shared volumes (which Windows does not support), the Go code seems to use Linux-specific stuff (touch, /bin/sh), and everything is compiled using a Makefile and put into an Alpine container.

Your best bet at this point might actually be to rewrite this plugin yourself, using the Windows vault binary and stuff.

But I do also hope support for Windows will come soon; it would be really useful now that Windows on Kubernetes is more and more commonplace.

Eslam-mohammed-anwar commented 2 years ago

It will be very helpful to implement such a plugin for the Vault injector to run on Windows.

gkkishan commented 2 years ago

Hi. I am new to this repo. Do we know if support for Windows workloads is ready for this? All my workloads are Windows containers built to run for .NET Framework v4.7.2.

VioletHynes commented 1 year ago

Hi there,

Just to clarify and add to things here, while Vault Agent itself works on Windows, the Vault Agent Injector cannot. The shared memory volume is where the injected Vault Agent writes secrets it fetches via agent templating. Windows containers do not support shared memory volumes.

In other words, we're blocked by the limitations of Windows containers in Kubernetes as of right now and there's no way for us to work around or fix the limitation as it's not our limitation. If/when this limitation is addressed, it'll be possible for us to add support for injecting secrets into Windows containers, but as mentioned, it's not our limitation.
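Added example, not part of this thread or of the vault-k8s code: a pre-deployment lint that flags pods which request Vault Agent injection, or declare a memory-backed `emptyDir`, while targeting Windows nodes. The function names and sample manifests are constructed for illustration, and the check assumes Windows targeting is expressed through `nodeSelector` or `spec.os` (node affinity rules are not inspected).

```python
# Added example: lint pod manifests for the Windows limitation described above.
INJECT_ANNOTATION = "vault.hashicorp.com/agent-inject"  # injector opt-in annotation
OS_LABEL = "kubernetes.io/os"                           # well-known node OS label


def targets_windows(pod):
    """True if the pod is pinned to Windows via nodeSelector or spec.os."""
    spec = pod.get("spec") or {}
    if (spec.get("nodeSelector") or {}).get(OS_LABEL) == "windows":
        return True
    return (spec.get("os") or {}).get("name") == "windows"


def lint_pod(pod):
    """Return findings for a pod manifest given as a dict."""
    if not targets_windows(pod):
        return []
    meta = pod.get("metadata") or {}
    name = meta.get("name", "<unnamed>")
    findings = []
    annotations = meta.get("annotations") or {}
    if str(annotations.get(INJECT_ANNOTATION, "")).lower() == "true":
        findings.append(f"{name}: requests Vault Agent injection on a Windows node")
    for vol in (pod.get("spec") or {}).get("volumes") or []:
        # The thread states Windows containers lack shared memory volumes.
        if (vol.get("emptyDir") or {}).get("medium") == "Memory":
            findings.append(f"{name}: volume {vol.get('name')!r} is a memory-backed emptyDir")
    return findings


# Constructed sample manifests (hypothetical names and images).
WINDOWS_POD = {
    "metadata": {"name": "dotnet-app", "annotations": {INJECT_ANNOTATION: "true"}},
    "spec": {
        "nodeSelector": {OS_LABEL: "windows"},
        "volumes": [{"name": "secrets", "emptyDir": {"medium": "Memory"}}],
        "containers": [{"name": "app", "image": "example.invalid/dotnet-app:1"}],
    },
}
LINUX_POD = {
    "metadata": {"name": "api", "annotations": {INJECT_ANNOTATION: "true"}},
    "spec": {"nodeSelector": {OS_LABEL: "linux"},
             "containers": [{"name": "api", "image": "example.invalid/api:1"}]},
}

if __name__ == "__main__":
    for pod in (WINDOWS_POD, LINUX_POD):
        for finding in lint_pod(pod):
            print(finding)
```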

abindg commented 1 week ago

Hi, is there any advancement made in the last 2 years? I am kind of stuck with the same issue. Any help is highly appreciated.