After Vault is integrated with k8s, secret data can be obtained from the Vault service in the form of annotations or a configmap.
Everything works fine when using annotations. I customized the storage path as /vault/signserverEnv instead of the default path /vault/secrets.
```yaml
vault.hashicorp.com/agent-inject-secret-ManagementCA.crt: secret/data/Dev/Security/signserver/config
vault.hashicorp.com/secret-volume-path-ManagementCA.crt: /vault/signserverEnv
vault.hashicorp.com/agent-inject-template-ManagementCA.crt: |
  {{- with secret "secret/data/Dev/Security/signserver/config" -}}
  {{base64Decode .Data.data.ManagementCA}}
  {{- end -}}
```
But when I use configmap
```yaml
vault.hashicorp.com/agent-configmap: vault-template-config
```
The configuration of config is as follows
```hcl
"auto_auth" = {
  "method" = {
    "type" = "kubernetes"
    "config" = {
      "role" = "signserverdev"
    }
  }
}
"exit_after_auth" = true
"template" = {
  "perms" = "0777"
  "destination" = "/vault/signserverEnv/ManagementCA.crt"
  "contents" = "{{- with secret \"secret/data/Dev/Security/signserver/config\" -}}{{base64Decode .Data.data.ManagementCA}}{{- end -}}"
}
```
Report the following error message
This shows that there is no permission to create. I checked the vault agent template document and found that create_dest_dirs (default true) and perms (already set to 0777) might solve the problem, but unfortunately I also got the error above. Can you help me with how to set it up? (The boss is very angry now)
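
Added example, not part of the original post: a pre-deployment check that flags agent template destinations lying outside every path the injector mounts the shared secrets volume on. It assumes the volume is mounted only at `vault.hashicorp.com/secret-volume-path` (default `/vault/secrets`) and at any per-secret `secret-volume-path-<name>` annotation; the function names and sample inputs are hypothetical.

```python
import posixpath
import re

PREFIX = "vault.hashicorp.com/"
DEFAULT_MOUNT = "/vault/secrets"  # injector default for the shared secrets volume

# Matches destination = "..." with or without quotes around the key.
DEST_RE = re.compile(r'"?destination"?\s*=\s*"([^"]+)"')


def mounted_paths(annotations):
    """Paths assumed to be backed by the shared volume, derived from pod annotations."""
    paths = {annotations.get(PREFIX + "secret-volume-path", DEFAULT_MOUNT)}
    for key, value in annotations.items():
        if key.startswith(PREFIX + "secret-volume-path-"):
            paths.add(value)
    return {posixpath.normpath(p) for p in paths}


def unmounted_destinations(annotations, agent_config):
    """Return template destinations that fall outside every mounted path."""
    mounts = mounted_paths(annotations)
    bad = []
    for dest in DEST_RE.findall(agent_config):
        dest = posixpath.normpath(dest)
        if not any(dest.startswith(m.rstrip("/") + "/") for m in mounts):
            bad.append(dest)
    return bad


# Constructed sample input modelled on the configuration in the post.
AGENT_CONFIG = '''
"template" = {
  "perms" = "0777"
  "destination" = "/vault/signserverEnv/ManagementCA.crt"
}
'''
CONFIGMAP_ONLY = {PREFIX + "agent-configmap": "vault-template-config"}
WITH_VOLUME_PATH = dict(
    CONFIGMAP_ONLY, **{PREFIX + "secret-volume-path": "/vault/signserverEnv"}
)

if __name__ == "__main__":
    print(unmounted_destinations(CONFIGMAP_ONLY, AGENT_CONFIG))
    print(unmounted_destinations(WITH_VOLUME_PATH, AGENT_CONFIG))
```

A destination reported by the check sits on the agent container's own filesystem rather than on the shared volume, so `perms` and `create_dest_dirs` in the template cannot make it writable.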