You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
This may just require clarification in the documentation. When using the vault.security.banzaicloud.io/vault-ct-secrets-mount-path annotation for consul-template (VSWH) the ct-secrets (EmptyDir) volume is mounted at the location specified in the annotation in all containers except for the consult-template container which continues to mount the volume at the default location: /vault/secrets.
This means that the template should set the destination under /vault/secrets/ but other containers reading the rendered files use the path specified by the annotation.
Note that this is an important issue for us since we are trying to minimize what parts of the filesystem are writable (if any).
Describe the solution you'd like
Either:
Clarify the documentation on this behaviour; or
Modify the consul-template container to mount and use the ct-secrets volume at the same path as the other containers.
Describe alternatives you've considered
Knowing this volume has a different mount point in the consul-template container makes it easy to work around the inconsistency.
Additional context
None
The text was updated successfully, but these errors were encountered:
Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.
This issue has been marked stale for 20 days, and is now closed due to inactivity. If the issue is still relevant, please re-open this issue or file a new one. Thank you!
Is your feature request related to a problem? Please describe.
This may just require clarification in the documentation. When using the
vault.security.banzaicloud.io/vault-ct-secrets-mount-path
annotation for consul-template (VSWH) thect-secrets
(EmptyDir) volume is mounted at the location specified in the annotation in all containers except for theconsult-template
container which continues to mount the volume at the default location:/vault/secrets
.This means that the template should set the
destination
under/vault/secrets/
but other containers reading the rendered files use the path specified by the annotation.Note that this is an important issue for us since we are trying to minimize what parts of the filesystem are writable (if any).
Describe the solution you'd like
Either:
Describe alternatives you've considered
Knowing this volume has a different mount point in the consul-template container makes it easy to work around the inconsistency.
Additional context
None
The text was updated successfully, but these errors were encountered: