This repository has been archived by the owner on Sep 9, 2022. It is now read-only.

Feature Request: inject secrets into init containers #39

Open
artazar opened this issue Feb 16, 2021 · 2 comments

artazar commented Feb 16, 2021

In case a pod definition contains init containers, e.g. for bootstrapping a database prior to the launch, they do not inherit the same injected secrets as the main container does.

It would be nice if aws-secret-sidecar-injector could add the default set of volume mounts to all containers that take part in the pod lifecycle.

Contributor

jicowan commented Mar 2, 2021

@artazar I don't know if there is a good way to guarantee that the secret sidecar starts before other init containers. Ordinarily, init containers are started in the order in which they appear in the Spec, but we're injecting the sidecar through a mutating webhook. We would probably need to modify the webhook to enumerate the pod's init containers and re-create the array of init containers so that the secret-sidecar always starts first. @amit0701

@amit0701
Contributor

@artazar I just merged a PR which would add the secret-sidecar as the first initContainer. This would make sure that the secret sidecar is started first. However, if I understand your request, you would like the admission controller to add the mounts for the secret volume in the remaining init containers as well. In the meantime, a workaround would be to manually edit the pod after the initial mutation is done to add volumes for "secret-vol" in the remaining init containers.
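
The mutation discussed in this thread, written out as an added example that is not code from aws-secret-sidecar-injector: the sidecar is placed first in `initContainers` and `secret-vol` is mounted in every init container. The `Container` and `VolumeMount` types are local stand-ins for the Kubernetes API types, and the mount path `/tmp/secret` and the `db-bootstrap` container are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal stand-ins for the Kubernetes corev1 types, so this runs without client-go.
type VolumeMount struct {
	Name      string `json:"name"`
	MountPath string `json:"mountPath"`
}
type Container struct {
	Name         string        `json:"name"`
	VolumeMounts []VolumeMount `json:"volumeMounts,omitempty"`
}

const sidecarName = "secret-sidecar" // container name as written in the thread
const volumeName = "secret-vol"      // volume name as written in the thread
const mountPath = "/tmp/secret"      // assumed placeholder, not the project's value

// withMount returns c with the secret volume mounted, leaving the caller's slice untouched.
func withMount(c Container) Container {
	for _, m := range c.VolumeMounts {
		if m.Name == volumeName {
			return c // already mounted, nothing to add
		}
	}
	c.VolumeMounts = append(append([]VolumeMount{}, c.VolumeMounts...), VolumeMount{Name: volumeName, MountPath: mountPath})
	return c
}

// mutateInitContainers puts the sidecar first and mounts the volume in every init container.
func mutateInitContainers(in []Container, sidecar Container) []Container {
	out := []Container{withMount(sidecar)}
	for _, c := range in {
		if c.Name != sidecarName { // drop a sidecar left by an earlier webhook pass
			out = append(out, withMount(c))
		}
	}
	return out
}

func main() {
	ics := mutateInitContainers([]Container{{Name: "db-bootstrap"}}, Container{Name: sidecarName}) // constructed pod
	// JSON Patch for the webhook response; per RFC 6902, "add" also replaces an existing member.
	p, _ := json.Marshal([]interface{}{map[string]interface{}{"op": "add", "path": "/spec/initContainers", "value": ics}})
	fmt.Println(string(p))
}
```

Rebuilding the whole array in one patch operation keeps the ordering guarantee and the mounts consistent even when the webhook is invoked more than once on the same pod.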
