
vault.hashicorp.com/agent-configmap

Open MorganReid opened this issue 2 years ago • 1 comments

After vault is integrated with k8s, secret data can be obtained from vault service in the form of annotation or configmap. Everything works fine when using annotations. I customized the storage path as /vault/signserverEnv instead of the default path /vault/secrets.

        vault.hashicorp.com/agent-inject-secret-ManagementCA.crt: secret/data/Dev/Security/signserver/config
        vault.hashicorp.com/secret-volume-path-ManagementCA.crt: /vault/signserverEnv
        vault.hashicorp.com/agent-inject-template-ManagementCA.crt: |
          {{- with secret "secret/data/Dev/Security/signserver/config" -}}
              {{base64Decode .Data.data.ManagementCA}}
          {{- end -}}

But when I use configmap vault.hashicorp.com/agent-configmap: vault-template-config

The configuration of config is as follows

        "auto_auth" = {
          "method" = {
            "type" = "kubernetes"
            "config" = {
              "role" = "signserverdev"
            }
          }
        }
        "exit_after_auth" = true
        "template" = {
          "perms" = "0777"
          "destination" = "/vault/signserverEnv/ManagementCA.crt"
          "contents" = "{{- with secret  \"secret/data/Dev/Security/signserver/config\" -}}{{base64Decode .Data.data.ManagementCA}}{{- end -}}"
        }

It reports the following error message: [image]. This shows that there is no permission to create. I checked the vault agent template document and found that create_dest_dirs (default true) and perms (already set to 0777) might solve the problem, but unfortunately I also got the error above. Can you help me with how to set it up? (The boss is very angry now)

MorganReid, Jan 13 '23 10:01

Add the annotation vault.hashicorp.com/secret-volume-path: "/vault/signserverEnv/"

RebootFixesAll, Apr 01 '25 20:04
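
A pre-deployment check for the mismatch the answer above addresses, added here as an example (not code from the issue or from the Vault project). It assumes the agent can only write template output under the volume mounted at vault.hashicorp.com/secret-volume-path (default /vault/secrets) and that only the pod-wide annotation is in use; `destinations_outside_volume` is a hypothetical helper name.

```python
import posixpath
import re

# Annotation from the answer; default mount path as stated in the issue.
VOLUME_PATH_ANNOTATION = "vault.hashicorp.com/secret-volume-path"
DEFAULT_VOLUME_PATH = "/vault/secrets"

# Matches HCL lines such as: "destination" = "/vault/x/file" (key quotes optional).
DESTINATION_RE = re.compile(r'^\s*"?destination"?\s*=\s*"([^"]+)"', re.MULTILINE)


def destinations_outside_volume(annotations, agent_config):
    """Return template destinations that do not sit under the secret volume path."""
    mount = posixpath.normpath(annotations.get(VOLUME_PATH_ANNOTATION, DEFAULT_VOLUME_PATH))
    outside = []
    for dest in DESTINATION_RE.findall(agent_config):
        path = posixpath.normpath(dest)
        # Relative paths cannot be compared against the mount, so flag them too.
        if (not posixpath.isabs(path) or not posixpath.isabs(mount)
                or posixpath.commonpath([mount, path]) != mount):
            outside.append(dest)
    return outside


# Template stanza copied from the issue's ConfigMap (auto_auth and contents omitted).
AGENT_CONFIG = '''
"exit_after_auth" = true
"template" = {
  "perms" = "0777"
  "destination" = "/vault/signserverEnv/ManagementCA.crt"
}
'''

# Pod annotations before and after applying the answer.
BEFORE = {"vault.hashicorp.com/agent-configmap": "vault-template-config"}
AFTER = dict(BEFORE, **{VOLUME_PATH_ANNOTATION: "/vault/signserverEnv/"})

if __name__ == "__main__":
    print("before:", destinations_outside_volume(BEFORE, AGENT_CONFIG))
    print("after: ", destinations_outside_volume(AFTER, AGENT_CONFIG))
```

A non-empty result means a template writes somewhere the shared secret volume is not mounted, so the file would also be invisible to the application container.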