I was very happy to see the newish vault-k8s project to render secrets to a shared volume so containers in a k8s pod can consume them without being Vault aware.
Is it possible to have vault-k8s inject secrets from Vault into a kube secrets object instead? Not sure why you chose to write to a shared volume instead of kube secrets?
In our case, we have a pre-deploy step that renders secrets out of Vault and injects them into kube manifest templates, including kube secrets objects that we then use with kubectl apply.
I was hoping to use vault-k8s to replace our pre-deploy template muckery but, it seems we would have to adjust our services to look for secrets in a shared volume instead of using k8s secrets. Do I have that right?