Can Mimir read secrets from a volume mount?

Question (votes: 0, answers: 1)

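Our work k8s cluster runs Kyverno, with a policy stating that Secrets must not come from envFrom statements.

So I am trying to set up the mimir-distributed chart (version 5.1.0) to use secrets from a volume mount.

I can mount the volume, and I can see the correct content of each secret in its file.

My values file looks like this: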

```yaml
alertmanager:
  extraVolumes:
    - name: secret-grafana-mimir
      secret:
        secretName: secret-grafana-mimir
  # Extra volume mounts that will be added to the alertmanager container
  extraVolumeMounts:
    - name: secret-grafana-mimir
      mountPath: "/etc/secret"
      readOnly: true

mimir:
  structuredConfig:

    alertmanager_storage:
      backend: azure
      azure:
        ## Replaced the ${} var with the file path
        account_name: /etc/secret/MIMIR_STORAGE_ACCOUNT_NAME
        account_key: /etc/secret/MIMIR_STORAGE_ACCOUNT_KEY
        container_name: mimir-alaertmanager
    compactor:
      data_dir: "/data"
...
```

But every service in the Mimir stack gives almost the same error.

This error is from the Mimir alertmanager:

```
ts=2023-09-28T06:03:38.93765098Z caller=main.go:225 level=info msg="Starting application" version="(version=2.10.0, branch=HEAD, revision=77906f7)"
ts=2023-09-28T06:03:39.337442912Z caller=server.go:335 level=info msg="server listening on addresses" http=[::]:8080 grpc=[::]:9095
ts=2023-09-28T06:03:39.537634469Z caller=multitenant.go:156 level=warn msg="The configured Alertmanager HTTP prefix '/alertmanager' is different than the path specified in the external URL 'http://prometheus-alertmanager.observability:9093': the Alertmanager UI and API may not work as expected unless you have a reverse proxy exposing the Alertmanager endpoints under '/alertmanager' prefix"
ts=2023-09-28T06:03:39.538016272Z caller=log.go:87 level=error msg="error running application" err="decode account key: illegal base64 data at input byte 17\nerror initialising module: alertmanager\ngithub.com/grafana/dskit/modules.(*Manager).initModule\n\t/__w/mimir/mimir/vendor/github.com/grafana/dskit/modules/modules.go:138\ngithub.com/grafana/dskit/modules.(*Manager).InitModuleServices\n\t/__w/mimir/mimir/vendor/github.com/grafana/dskit/modules/modules.go:108\ngithub.com/grafana/mimir/pkg/mimir.(*Mimir).Run\n\t/__w/mimir/mimir/pkg/mimir/mimir.go:800\nmain.main\n\t/__w/mimir/mimir/cmd/mimir/main.go:227\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:267\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1650"
```
kubernetes kubernetes-helm grafana grafana-loki grafana-mimir
1 answer
0
votes

Just heard from the Grafana team that this feature is not supported; a feature request will be raised.
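The `illegal base64 data at input byte 17` error in the question is consistent with the path string itself being decoded as the account key: index 17 of `/etc/secret/MIMIR_STORAGE_ACCOUNT_KEY` is the first `_`, which is not in the standard base64 alphabet. The following is an added example, not part of the original thread or of Mimir's code; `CheckAccountKey` and `KeyCheck` are hypothetical names, and the path-shape test is a heuristic.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// KeyCheck reports how a configured account_key string behaves when it is
// base64-decoded as a literal, which is what the error in the log implies.
type KeyCheck struct {
	Decodes   bool // the string is valid standard base64
	BadOffset int  // index of the first illegal byte, -1 if none
	PathLike  bool // heuristic: absolute-path shape, probably a file reference
}

// CheckAccountKey decodes value with Go's standard base64 decoder and records
// where decoding stops. It never opens the file a path might point to.
func CheckAccountKey(value string) KeyCheck {
	c := KeyCheck{BadOffset: -1}
	// Heuristic (assumption): a leading "/" plus a second "/" looks like a path.
	c.PathLike = strings.HasPrefix(value, "/") && strings.Count(value, "/") >= 2
	_, err := base64.StdEncoding.DecodeString(value)
	var corrupt base64.CorruptInputError
	if errors.As(err, &corrupt) {
		c.BadOffset = int(corrupt)
		return c
	}
	c.Decodes = err == nil
	return c
}

func main() {
	samples := []string{
		"/etc/secret/MIMIR_STORAGE_ACCOUNT_KEY", // value from the question
		"/etc/secret/key1",                      // constructed: a path that is valid base64
		base64.StdEncoding.EncodeToString([]byte("constructed-sample-key")),
	}
	for _, s := range samples {
		fmt.Printf("%-40q %+v\n", s, CheckAccountKey(s))
	}
}
```

The second sample shows why the path-shape check is kept separate from the decode result: a mounted-file path made only of letters, digits and `/` decodes without error, so the literal path would be used as key material and the mistake would surface later than at config load.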
