Open
Description
There were already multiple issues requesting such a feature: #96560 #4710 #140
But they were closed without any result. I'm opening a new issue to continue discussions about this topic.
My own use case for a preStart hook is the following:
- our organization uses Hashicorp Vault for secrets management
- Hashicorp Vault is not synced with k8s secrets and there are no plans to integrate them, AFAIU, because of security reasons (it's worth mentioning that Hashicorp Vault has an option to integrate with the k8s secrets engine)
- we're deploying an open source solution, DataHub
- DataHub fetches secrets from env vars
- currently there is no way to expose env vars from Vault secrets, except writing your own entrypoint, where you fetch secrets (either directly from Vault or from a file where an initContainer with a Vault fetcher placed the secrets) and export env vars
- this approach forces us to modify the docker images' default entrypoint, therefore we have to duplicate that default entrypoint to make it work. An entrypoint is not always just one script execution, though
- entrypoint modification requires manual sync with changes from the original Docker image. It's pretty much error-prone

With a preStart hook this flow is really simplified, because we won't need to modify the entrypoint. We just define a preStart hook (with Helm, just add some values to generate that hook) and everything just works out of the box.
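
The wrapper-entrypoint workaround described in the issue above, as an added example (not code from the issue author, DataHub or Kubernetes). It assumes an initContainer has written `KEY=VALUE` lines to a shared volume; the `SECRETS_FILE` variable, its default path and the function name are hypothetical.

```shell
#!/bin/sh
# Wrapper entrypoint (added example). Assumed layout: an initContainer has
# written KEY=VALUE lines to $SECRETS_FILE on a shared in-memory volume.
SECRETS_FILE="${SECRETS_FILE:-/vault/secrets/app.env}"   # hypothetical path

# Export each KEY=VALUE line of file $1 into the environment.
# The file is parsed, never sourced or eval'd, so its content cannot run
# commands in the entrypoint. Returns 1 if the file is unreadable.
load_secrets_env() {
    [ -r "$1" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;      # blank line or comment
            *=*) ;;                   # candidate assignment
            *) continue ;;            # no '=', ignore
        esac
        key=${line%%=*}               # text before the first '='
        value=${line#*=}              # everything after it, kept verbatim
        case $key in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;  # not a valid name
        esac
        export "$key=$value"
    done < "$1"
    return 0
}

# Only act when given the image's original entrypoint and its arguments.
if [ "$#" -gt 0 ]; then
    load_secrets_env "$SECRETS_FILE" || {
        echo "secrets file $SECRETS_FILE not readable" >&2
        exit 1
    }
    exec "$@"   # replace the wrapper so the application stays PID 1
fi
```

The original entrypoint and arguments still have to be passed to the wrapper in the pod spec (`command`/`args`), which is the manual sync with the upstream image that the issue describes.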