Injection of HTTP_PROXY environment variables into vault-injector sidecars

Currently, I’m deploying Vault-Injector using Kustomize in my cluster (see https://github.com/hashicorp/vault-k8s/blob/master/kustomization.yaml). My use case is that I want to communicate from my cluster with an external Vault server, which is only accessible using HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables when performing HTTP requests. Now, I’ve followed this guide to deploy vault-injector inside my cluster: https://learn.hashicorp.com/tutorials/vault/kubernetes-external-vault. It works great, except for the sidecar when creating deployments that require Vault secrets.

I can’t find a way to inject the HTTP_PROXY env variables inside the sidecar automatically (or in any other way). So my question is: is it possible to do that and if not, could it be implemented?

Thanks!

1 Like

I’m also interested in this.

My use case is that I want to consume Vault from a legacy Kubernetes cluster in which I cannot enforce a stable outgoing IP address via Cloud NAT or some other similar method due to the cluster not matching some constraints. Since recreating this cluster now would be too difficult, an easier temporary solution would be to make the injector set these env variables in the agent init/sidecar containers so I only allow access to Vault from the proxy IPs.