[vault-secrets-web-hook] unexpected behaviour for consul-template volumes #1515

Closed
jkirkham-ratehub opened this issue Jan 19, 2022 · 2 comments
Labels
lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed.

Comments

@jkirkham-ratehub

Is your feature request related to a problem? Please describe.
This may just require clarification in the documentation. When using the `vault.security.banzaicloud.io/vault-ct-secrets-mount-path` annotation for consul-template (VSWH), the `ct-secrets` (EmptyDir) volume is mounted at the location specified in the annotation in all containers except for the consul-template container, which continues to mount the volume at the default location: `/vault/secrets`.

This means that the template should set the destination under /vault/secrets/ but other containers reading the rendered files use the path specified by the annotation.

Note that this is an important issue for us since we are trying to minimize what parts of the filesystem are writable (if any).

Describe the solution you'd like
Either:

  1. Clarify the documentation on this behaviour; or
  2. Modify the consul-template container to mount and use the ct-secrets volume at the same path as the other containers.

Describe alternatives you've considered
Knowing this volume has a different mount point in the consul-template container makes it easy to work around the inconsistency.

Additional context
None
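
The mismatch described in this issue can be checked against a mutated pod spec. The following is an added example, not part of the original issue or the project's code: it reports where the `ct-secrets` volume is mounted in each container and translates a template destination into the path a reading container sees. The pod spec, the `app` container name and the `/etc/app-secrets` path are constructed assumptions.

```python
import posixpath

# Constructed sample: the relevant part of a pod spec as it might look after the
# webhook has mutated it. "app" and "/etc/app-secrets" are hypothetical.
POD = {
    "metadata": {"annotations": {
        "vault.security.banzaicloud.io/vault-ct-secrets-mount-path": "/etc/app-secrets"}},
    "spec": {"containers": [
        {"name": "app", "volumeMounts": [
            {"name": "ct-secrets", "mountPath": "/etc/app-secrets"}]},
        {"name": "consul-template", "volumeMounts": [
            {"name": "ct-secrets", "mountPath": "/vault/secrets"}]},
    ]},
}

def mount_paths(pod, volume="ct-secrets"):
    """Map container name -> mountPath of `volume`; containers without it are omitted."""
    paths = {}
    for c in pod["spec"].get("initContainers", []) + pod["spec"]["containers"]:
        for m in c.get("volumeMounts", []):
            if m["name"] == volume:
                paths[c["name"]] = posixpath.normpath(m["mountPath"])
    return paths

def divergent_mounts(pod, volume="ct-secrets"):
    """Return the mount map if the volume is mounted at more than one path, else {}."""
    paths = mount_paths(pod, volume)
    return paths if len(set(paths.values())) > 1 else {}

def reader_path(pod, destination, writer="consul-template", reader="app", volume="ct-secrets"):
    """Translate a template destination (as the writer sees it) into the reader's path."""
    paths = mount_paths(pod, volume)
    src, dst = paths[writer], paths[reader]
    dest = posixpath.normpath(destination)
    # A destination outside the writer's mount never reaches the shared volume.
    if posixpath.commonpath([src, dest]) != src:
        raise ValueError(f"{destination} is outside {src}; it will not land on {volume}")
    return posixpath.normpath(posixpath.join(dst, posixpath.relpath(dest, src)))
```
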


Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Apr 28, 2024

This issue has been marked stale for 20 days, and is now closed due to inactivity. If the issue is still relevant, please re-open this issue or file a new one. Thank you!

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale May 19, 2024