Skip to content

Read kubernetes mounted secrets #976

Description

@davgia

Is your feature request related to a problem? Please describe.

Kubernetes allows to mount a secret in the container file system. This is a more secure method over listing and retrieving them from api-server. Allows for a simpler RBAC configuration.

Reference to spring-cloud-kubernetes

Describe the solution you'd like

Following spring approach: secrets discovery through api-server should be disabled by default (can be enabled from configuration if necessary).
The application should read all declared secrets paths (using a custom reader, because mounted k8s secrets have a specific structure).

Describe alternatives you've considered

The only alternative is to improve rbac and limit access to a specific secret (but in my opinion is far more time consuming and it may be required to change it multiple times)

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions