Open TsuyoshiUshio opened 5 years ago
Also interested in this. What is the best practice for swapping these values based on stage (i.e., dev
, prod
)?
Also interested in this. What is the best practice for swapping these values based on stage (i.e.,
dev
,prod
)?
subscriptionId is optional and tenantId is often fairly static, we just hardcode it as we only have one tenant that we deploy to
We deploy dev
and prod
to different subscriptions. Would be great to swap these out by stage, along with the keyvaultname
We deploy
dev
andprod
to different subscriptions. Would be great to swap these out by stage, along with thekeyvaultname
then this doesn't apply? subscription id doesn't do anything any more, it's just ignored
why is tenantid needed? especially if we use pod identities: the managed resource which the pod refers to is already part of a tenant. Seems redundant to repeat "tenantid" in the specifications of the pod
I am also interested to see how sub and tenant Id info could be protected. Please, provide secret support.
Hey everyone,
Thanks for the feedback!
AKV Provider for Secrets Store CSI Driver is the next generation of this flexvol solution/repo. Please start using the secrets store csi driver as this solution has been deprecated.
Describe the request
The current yaml file requires SubscriptionId and Tenant Id on the yaml file. I'd like to find a way not to include these on the yaml file.
Explain why Key Vault FlexVolume needs it
yaml file is shared sometimes on GitHub. SubscriptionId and TenantId is pretty sensitive. I hope it is not included on a yaml file. I said secret, however, if the objective is achieved, I don't care the way to solve.
Describe the solution you'd like
You can get the value from the secret.
Describe alternatives you've considered
I can't come up with it.
Additional context
Nothing