Vault integrates with k8s to overwrite the original files in the directory

I have successfully integrated vault and k8s, but I encountered a strange problem today. When I build the image through Dockerfile, I have the following command:
COPY start.sh /usr/src/app/
Then when integrating the configuration, there is the following configuration:

         vault.hashicorp.com/agent-inject-secret-client.crt: secret/data/infra/trgs
         vault.hashicorp.com/secret-volume-path-client.crt: /usr/src/app
         vault.hashicorp.com/agent-inject-template-client.crt: |-
           {{- with secret "secret/data/infra/trgs" -}}
           {{base64Decode.Data.data.clientcrt}}
           {{-end-}}

The service cannot be started normally because the start.sh file is missing in the /usr/src/app/ directory.
Later I replaced vault.hashicorp.com/secret-volume-path-client.crt to a new directory vault.hashicorp.com/secret-volume-path-client.crt:/xvault. Server can start normally.
The reason should be that the original files in the same directory were overwritten during the integration. Is there any good solution?

Although I agree that the documentation does not make this clear, this behaviour is what someone sufficiently familiar with Kubernetes volumes would expect.

As instructed by the

annotation, the injector has mounted a new empty tmpfs at

overriding what exists at that location in the Docker image.

The simple solution is that secret mount paths should be dedicated directories, separate from other content.