Hello, I am currently using Vault inside my Kubernetes clusters (installed with the Helm chart).
I am trying to use the Vault Injector on cronjobs and it looks like it is causing issues:
When my container is terminated, the vault agent injector is still running. So, for Kubernetes, the pod is still active and the following cronjob runs are stopped.
Here is the cronjob configuration:
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: reset-staging-cronjob
spec:
  schedule: "0 3 * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      # backoffLimit is a Job field, so it belongs under jobTemplate.spec
      backoffLimit: 1
      template:
        metadata:
          annotations:
            vault.hashicorp.com/auth-path: "auth/kubernetes/staging"
            vault.hashicorp.com/agent-inject: "true"
            vault.hashicorp.com/role: "vault-role"
            vault.hashicorp.com/agent-inject-secret-.env: "applications/staging"
            # Render every key of the secret as a KEY=VALUE line in the .env file
            vault.hashicorp.com/agent-inject-template-.env: |
              {{ with secret "/applications/staging" }}
              {{ range $k, $v := .Data.data }}
              {{ $k }}={{ $v }}
              {{ end }}
              {{ end }}
        spec:
          containers:
            - name: reset-staging-cronjob
              image: _IMAGE_NAME_
              command: ["sh", "web/cli/resetStagingDatabase.sh"]
          restartPolicy: OnFailure
          imagePullSecrets:
            - name: docker-hub-config
          serviceAccountName: vault
          automountServiceAccountToken: true
kubectl output (shortened):
Containers:
  clear-namespaces-cronjob:
    State: Terminated
      Reason: Completed
      Exit Code: 0
      Started: Tue, 12 May 2020 14:36:18 +0200
      Finished: Tue, 12 May 2020 14:36:31 +0200
    Ready: False
    Restart Count: 0
  vault-agent:
    Image: vault:1.4.0
    State: Running
      Started: Tue, 12 May 2020 14:36:18 +0200
    Ready: True
If someone has any idea how I can configure Vault to stop when the attached container is terminated, that would be helpful.
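
One way to spot pods in the state described above, as an added example that is not part of the original post: the Python below reads `kubectl get pods -o json` output and lists pods where every application container has terminated while `vault-agent` is still running. The function name, the helper and the embedded sample (including its pod names) are constructed for illustration.

```python
import json

SIDECAR = "vault-agent"  # sidecar container name from the kubectl output above

def _pod(name, states):
    # Helper that builds one constructed pod entry for the sample below.
    return {"metadata": {"name": name},
            "status": {"containerStatuses": [
                {"name": c, "state": s} for c, s in states.items()]}}

# Constructed sample shaped like `kubectl get pods -o json` (pod names are made up).
SAMPLE = json.dumps({"items": [
    _pod("reset-staging-cronjob-1-aaaaa", {
        "reset-staging-cronjob": {"terminated": {"exitCode": 0, "reason": "Completed"}},
        "vault-agent": {"running": {"startedAt": "2020-05-12T12:36:18Z"}}}),
    _pod("reset-staging-cronjob-2-bbbbb", {
        "reset-staging-cronjob": {"running": {"startedAt": "2020-05-13T01:00:00Z"}},
        "vault-agent": {"running": {"startedAt": "2020-05-13T01:00:00Z"}}}),
    _pod("plain-job-ccccc", {
        "worker": {"terminated": {"exitCode": 0, "reason": "Completed"}}}),
]})

def stuck_pods(pod_list_json, sidecar=SIDECAR):
    """Return names of pods kept alive only by the injected sidecar."""
    stuck = []
    for pod in json.loads(pod_list_json).get("items", []):
        statuses = pod.get("status", {}).get("containerStatuses", [])
        side = [c for c in statuses if c["name"] == sidecar]
        apps = [c for c in statuses if c["name"] != sidecar]
        if not side or not apps:
            continue  # no sidecar injected, or nothing else to compare against
        side_running = all("running" in c.get("state", {}) for c in side)
        apps_done = all("terminated" in c.get("state", {}) for c in apps)
        if side_running and apps_done:
            stuck.append(pod["metadata"]["name"])
    return stuck

if __name__ == "__main__":
    # Real use: kubectl get pods -o json | python this_script.py (reading stdin instead)
    print(stuck_pods(SAMPLE))
```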