k8s: Injecting env variable from app dc to custom vault-agent Init/ Vault-agent sidecar image #161

Open
shuvankar0907 opened this issue Jul 28, 2020 · 1 comment · May be fixed by #305
Labels
enhancement New feature or request


@shuvankar0907

Is your feature request related to a problem? Please describe.
We have a custom solution to read secrets from vault and provide it for the apps to use. I wanted to replace the image provided by vault that is used as init/sidecar container and use our own image. Our custom image requires a few env variables to work.
Provide a way to pass env variables from mentioned application dc (annotations) to init/sidecar container env variable.

Describe the solution you'd like
extraEnvironmentVars option that is provided in application DC, make it available to init/sidecar as environment variable. I can then use this option to inject my required variables to sidecar/init images.

If this change is provided I will be able to use vault agent in our organisation.

@shuvankar0907 shuvankar0907 added the enhancement New feature or request label Jul 28, 2020
@freimer

freimer commented Oct 31, 2021

I'm not sure what you exactly mean, but instead of creating another issue I'll tag onto this because I think it may be the same. We'd like the init/sidecar to mirror the container env vars when mutating the request. I think it can probably be handled here:
https://github.com/hashicorp/vault-k8s/blob/main/agent-inject/agent/container_env.go

So, for example, if the original request was to run some container in a pod and that container had env vars VAR1 set to VALUE1 and VAR2 set to VALUE2 then the vault-agent-init and vault-agent containers that are injected would have these variables in addition to the ones it adds for Vault.

The use-case, in very specific terms, is that we have airflow spinning up pods for dags, and it sets an ENV VAR for what the name of the DAG is when it spins up. We'd like to use this env var in the Vault Agent templates to pull different secrets based on the name of the DAG. Vault Agent can't read pod labels or annotations, but we can configure the template that airflow uses to set an ENV VAR to mirror the labels. If the Agent Injector copied the pod ENV VARs to the vault-agent and vault-agent-init containers then we could do this.
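Added example, not part of the thread and not vault-k8s code: a sketch of the mirroring behaviour requested above, in which the injected agent containers receive the app container's env vars while variables the injector sets itself keep precedence. `EnvVar` is a simplified stand-in for the Kubernetes type, `mirrorEnv` is a hypothetical helper, and all names and values in `main` are constructed.

```go
package main

import "fmt"

// EnvVar is a simplified stand-in for the Kubernetes corev1.EnvVar type
// (assumption: only literal name/value pairs are modelled here).
type EnvVar struct {
	Name  string
	Value string
}

// mirrorEnv is a hypothetical helper, not part of vault-k8s. It returns the
// env list for an injected agent container: the injector's own variables
// first, followed by the app container's variables that do not collide.
func mirrorEnv(injectorEnv, appEnv []EnvVar) []EnvVar {
	seen := make(map[string]bool, len(injectorEnv)+len(appEnv))
	out := make([]EnvVar, 0, len(injectorEnv)+len(appEnv))
	for _, e := range injectorEnv {
		seen[e.Name] = true
		out = append(out, e)
	}
	for _, e := range appEnv {
		// Injector-set variables win, so the pod spec cannot change how the
		// agent is configured; a name repeated in the app container is
		// copied only once (first occurrence).
		if seen[e.Name] {
			continue
		}
		seen[e.Name] = true
		out = append(out, e)
	}
	return out
}

func main() {
	// Constructed sample input.
	injector := []EnvVar{{"VAULT_LOG_LEVEL", "info"}}
	app := []EnvVar{
		{"VAR1", "VALUE1"},
		{"VAR2", "VALUE2"},
		{"VAULT_LOG_LEVEL", "trace"}, // collides with an injector variable
	}
	for _, e := range mirrorEnv(injector, app) {
		fmt.Printf("%s=%s\n", e.Name, e.Value)
	}
}
```

Mirroring every variable also copies any secrets held in the app container's env into the agent containers, so an allow-list of names to mirror is the narrower design.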
