
Read kubernetes mounted secrets

Open davgia opened this issue 3 years ago • 1 comments

Is your feature request related to a problem? Please describe.

Kubernetes allows mounting a secret in the container file system. This is a more secure method than listing and retrieving them from the api-server. It also allows for a simpler RBAC configuration.

Reference to spring-cloud-kubernetes

Describe the solution you'd like

Following the Spring approach: secrets discovery through the api-server should be disabled by default (it can be enabled from configuration if necessary). The application should read all declared secret paths (using a custom reader, because mounted k8s secrets have a specific structure).

Describe alternatives you've considered

The only alternative is to improve RBAC and limit access to a specific secret (but in my opinion it is far more time-consuming, and it may be required to change it multiple times).

davgia avatar Aug 04 '22 07:08 davgia
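The "specific structure" mentioned in the request, as an added example that is not part of the original issue or Steeltoe's own code: the kubelet writes a Secret volume as a `..<timestamp>` directory, a `..data` link pointing at it, and one link per key. The class name `MountedSecretReader`, the sample directory and its values are constructed for illustration, and the demo assumes .NET 6+ on a platform where symlinks can be created.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

public static class MountedSecretReader
{
    // Reads one mounted Secret volume: each key is a file whose content is the value.
    public static Dictionary<string, string> Read(string mountPath)
    {
        var values = new Dictionary<string, string>();
        foreach (string entry in Directory.EnumerateFileSystemEntries(mountPath))
        {
            string name = Path.GetFileName(entry);
            // "..<timestamp>" holds the payload and "..data" links to it;
            // both are bookkeeping entries, not secret keys.
            if (name.StartsWith("..", StringComparison.Ordinal)) continue;
            // Keys are files; skip directories and links that resolve to directories.
            if (Directory.Exists(entry)) continue;
            values[name] = File.ReadAllText(entry); // follows the key -> ..data/key link
        }
        return values;
    }

    public static void Main()
    {
        // Constructed sample volume imitating the kubelet layout.
        string root = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), "secret-" + Guid.NewGuid().ToString("N"))).FullName;
        string payload = Path.Combine(root, "..2022_08_04_07_08_00.000000001");
        Directory.CreateDirectory(payload);
        File.WriteAllText(Path.Combine(payload, "username"), "app-user");
        File.WriteAllText(Path.Combine(payload, "password"), "constructed-value");
        Directory.CreateSymbolicLink(Path.Combine(root, "..data"), payload);
        foreach (string key in new[] { "username", "password" })
            File.CreateSymbolicLink(Path.Combine(root, key), Path.Combine("..data", key));

        // Print only key names and value lengths so secret values never reach the log.
        foreach (var pair in Read(root))
            Console.WriteLine($"{pair.Key} = <{pair.Value.Length} chars>");
        Directory.Delete(root, recursive: true);
    }
}
```

With this approach the pod's service account needs no `get` or `list` permission on Secrets, because the kubelet mounts the data rather than the application fetching it.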

@DaviGia thanks for opening the issue, but is it effectively the same as https://github.com/SteeltoeOSS/Steeltoe/issues/210?

Looks like there was more detail for that issue recorded in my head than online. I have added more info there, but if it still doesn't strike you as the same, then please add more info here.

TimHess avatar Aug 09 '22 22:08 TimHess

Closing due to lack of additional info. Please reopen or file a new issue if you'd like to see something different.

TimHess avatar Jun 12 '23 16:06 TimHess