Hi guys, is there a possibility to inject a Kubernetes secret into a deployment/pod using stdin with command?
The scenario is to reduce the attack surface, where variables and files are exposed to other processes within the container, and it would be very interesting to do this built-in.
Kubernetes version: 1.27
I found a stdin parameter in the CRI and Kubernetes specifications that can be used, but I didn’t understand how, since it is a boolean.
This way does not work, as it executes everything inside the container.
Once an environment/volume variable is exposed, in cases where the image is vulnerable, any other process that can access the container will be able to access them.
Via stdin only the official process will receive this value, and it will not be possible to obtain it later.
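The difference the post describes between environment and stdin delivery, as an added example that is not part of the original post: it starts the same workload twice on Linux and checks whether the secret can be read back from the process's `/proc` entries. The `APP_SECRET` name, the child program and the secret value are constructed for illustration.

```python
import os
import subprocess
import sys

SECRET = "constructed-demo-secret-123"  # constructed sample value, not a real credential

# Hypothetical workload: takes the secret from APP_SECRET if set, otherwise
# reads one line from stdin, then idles until its stdin is closed.
CHILD = r'''
import os, sys
secret = os.environ.get("APP_SECRET")
if secret is None:
    secret = sys.stdin.readline().rstrip("\n")
print("ready", flush=True)
sys.stdin.read()
'''


def visible_in_proc(mode):
    """Start the workload with the secret delivered by `mode` ("env" or
    "stdin") and report whether /proc/<pid>/{environ,cmdline} contain it."""
    env = {k: v for k, v in os.environ.items() if k != "APP_SECRET"}
    if mode == "env":
        env["APP_SECRET"] = SECRET
    with subprocess.Popen([sys.executable, "-c", CHILD], env=env,
                          stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                          text=True) as proc:
        if mode == "stdin":
            proc.stdin.write(SECRET + "\n")
            proc.stdin.flush()
        if proc.stdout.readline().strip() != "ready":
            raise RuntimeError("workload did not start")
        found = {}
        for name in ("environ", "cmdline"):
            with open(f"/proc/{proc.pid}/{name}", "rb") as fh:
                found[name] = SECRET.encode() in fh.read()
        return found  # leaving the with-block closes stdin, so the child exits


if __name__ == "__main__":
    for mode in ("env", "stdin"):
        print(mode, visible_in_proc(mode))
```

The check covers only the environment and command line; a secret read from stdin still lives in the memory of the process that consumed it.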