I went through the official example of k8s injector and it did work without problems.
the annotations as mentioned in the example looks as follwoing:
vault.hashicorp.com/agent-inject: true
vault.hashicorp.com/agent-inject-status: update
vault.hashicorp.com/agent-inject-secret-foo: 'database/roles/app'
vault.hashicorp.com/agent-inject-template-foo: |
{{- with secret "database/creds/db-app" -}}
postgres://{{ .Data.username }}:{{ .Data.password }}@postgres:5432/mydb?sslmode=disable
{{- end }}
vault.hashicorp.com/role: 'app'
I was thinking if it is possible to get values from Consul’s KV as well, so I’ve changed the template to following:
vault.hashicorp.com/agent-inject-template-foo: |
value from consul = {{ key "test" }}
{{- with secret "database/creds/db-app" -}}
postgres://{{ .Data.username }}:{{ .Data.password }}@postgres:5432/mydb?sslmode=disable
{{- end }}
and I did recevie the following error:
v.block(test): Get "http://127.0.0.1:8500/v1/kv/test?stale=&wait=60000ms": dial tcp 127.0.0.1:8500: connect: connection refused (retry attempt 1 after "250ms")
which is understandable, since the consul address should be changed. My question is; is there a way to specifiy consul connection configurations such as address, token and tls certs for the vault injector?