Closed flrajjaladi closed 2 months ago
You need to define a kubernetes secret that your secretProviderClass
will create which your deployment
can then reference.
To do this you need to add a secretObjects
section to your secretProviderClass
. For example:
SecretProviderClass.yml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: secretProviderClass
metadata:
name: azure-kv-name
spec:
provider: azure
parameters:
usePodIdentity: "true"
clientID: <redacted>
keyvaultName: <redacted>
objects: |
array:
- |
objectName: AZURE-CLIENT-ID
objectType: string
objectAlias: AZURE_CLIENT_ID
- |
objectName: AZURE-CLIENT-SECRET
objectType: string
objectAlias: AZURE_CLIENT_SECRET
- |
objectName: EXAMPLESECRET
objectType: secret
objectAlias: EXAMPLESECRET
- |
objectName: POSTGRES-HOST
objectType: secret
objectAlias: POSTGRES_HOST
- |
objectName: POSTGRES-PORT
objectType: secret
objectAlias: POSTGRES_PORT
- |
objectName: POSTGRES-USER
objectType: secret
objectAlias: POSTGRES_USER
- |
objectName: POSTGRES-PASSWORD
objectType: secret
objectAlias: POSTGRES_PASSWORD
tenantId: <redacted>
secretObjects:
- data:
- key: AZURE-TENANT-ID
objectName: AZURE-TENANT-ID
- key: AZURE-CLIENT-ID
objectName: AZURE-CLIENT-SECRET
- key: AZURE-CLIENT-ID
objectName: AZURE-CLIENT-SECRET
secretName: your-secret-name
type: Opaque
Then in your Deployment file, the name value under each secretKeyRef
section should be your-secret-name
.
This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.
This issue was closed because it has been stalled for 21 days with no activity. Feel free to re-open if you are experiencing the issue again.
Hi Team, I have a backstage application running on k8 cluster (AKS) and have config which mounts azure secrets at location
/mnt/secrets
which is working as intended able to verify the secret has been mounted properly. Now the goal is exposing these as env variable so that backstage app able to read and utilize them dynamically.Having issues with achieving the above goal providing my config for SecretProviderClass and part of my deployment.yaml
Please let me know if i need to provide any additional information required to debug.Any help is greatly appreciated. Thanks.