Is your feature request related to a problem? Please describe.
Kubernetes allows to mount a secret in the container file system. This is a more secure method over listing and retrieving them from api-server. Allows for a simpler RBAC configuration.
Reference to spring-cloud-kubernetes
Describe the solution you'd like
Following spring approach: secrets discovery through api-server should be disabled by default (can be enabled from configuration if necessary).
The application should read all declared secrets paths (using a custom reader, because mounted k8s secrets have a specific structure).
Describe alternatives you've considered
The only alternative is to improve rbac and limit access to a specific secret (but in my opinion is far more time consuming and it may be required to change it multiple times)
Is your feature request related to a problem? Please describe.
Kubernetes allows to mount a secret in the container file system. This is a more secure method over listing and retrieving them from api-server. Allows for a simpler RBAC configuration.
Reference to spring-cloud-kubernetes
Describe the solution you'd like
Following spring approach: secrets discovery through api-server should be disabled by default (can be enabled from configuration if necessary).
The application should read all declared secrets paths (using a custom reader, because mounted k8s secrets have a specific structure).
Describe alternatives you've considered
The only alternative is to improve rbac and limit access to a specific secret (but in my opinion is far more time consuming and it may be required to change it multiple times)