Support for mounting files/secrets on vcluster that can be accessed by the apiserver

[rharpavat]

Is your feature request related to a problem?

I'm working on a project that adds a custom webhook handler (for authentication/authorization) to a k8s cluster. We configure this on regular k8s clusters by:

1. Installing the webhook handler, which creates some secrets internally,
2. Manually extracting the secrets and putting them in a file accessible to the k8s cluster, and
3. Adding custom apiserver flags that reference those files, and restarting the apiserver.

For example, when testing I am using a minikube cluster - once the webhook is installed on the cluster, we manually extract the secrets, ssh into the node, and create those secret files on the node's filesystem so the apiserver can have access.

I'm wondering if there is a way to do this with a vcluster since the vcluster under the hood is just a pod, not a node. Our infrastructure would be creating a vcluster on top of an AKS cluster, onto which we'd need to install the custom webhook (which works fine). However I'm not sure where to put those secrets/files such that they would be accessible to the apiserver. I do see that there's a way to pass custom flags to the apiserver (

vcluster/conformance/v1.29/README.md

Line 24 in 53e3b7d

- --service-account-jwks-uri=https://kubernetes.default.svc.cluster.local/openid/v1/jwks

) but haven't been able to figure out if there is a way to mount the files such that the apiserver would be able to access them.

Any suggestions would be appreciated!

Which solution do you suggest?

No solution known at the moment but would like to see if this is possible/supported by vcluster.

Which alternative solutions exist?

N/A

Additional context

N/A