Inject secret to an init container

alifiroozi80 · March 12, 2023, 9:30am

Hello everyone,
I have a simple deployment with 1 main Pod and 1 InitContainer.

I successfully installed the vault in K8s, and my deployment without the init container works fine.

This is the template. annotations of my deployment:

vault.hashicorp.com/agent-inject: 'true'
vault.hashicorp.com/tls-skip-verify: 'true'
vault.hashicorp.com/agent-inject-status: 'update'
vault.hashicorp.com/role: 'digify'
vault.hashicorp.com/agent-inject-secret-backend: "secret/digify/backend"
vault.hashicorp.com/agent-inject-template-backend: |
  {{- with secret "secret/digify/backend" -}}
  {
    "pass": "{{ .Data.data.pass }}"
  }
  {{- end }}

But the problem is my init container is using this same secret, and I want to pass it to the init container too.

But apparently, this doesn’t automatically inject secret to the init containers (only main and sidecar containers)

How can I pass it on to the init containers too?

alifiroozi80 · March 13, 2023, 9:29am

OK, I found it myself.

If we have init containers, we should add this annotation too:
vault.hashicorp.com/agent-init-first: 'true'

source

Topic		Replies	Views
K8s init container secrets injection Vault k8s , vault	0	376	July 22, 2021
Injecting Secrets with Vault on K8s Vault	3	622	March 22, 2020
Can't get vault-agent-init container to get a secret from Vault Vault k8s , vault	1	3000	September 28, 2021
Vault: init container cannot authenticate to Vault Vault k8s , vault	9	1745	June 26, 2023
Vault Agent doesn't inject SideCar container to newly created K8S node Vault	3	1396	March 11, 2023

Inject secret to an init container

Related topics