How can I inject secrets from Vault into K8s, e.g. to pull from a private registry, without storing them as secrets in K8s itself?
There are several ways to do this in combination with Vault, besides the solution provided by the K8s documentation:
Additionally, there is also an ArgoCD plugin that might be useful.
I linked the respective documentation where you can find more detailed information and tutorials, also here is an overview.