Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
Describe the solution you'd like
Hello, currently it seems you have to mount a SecretProviderClass to a pod before it starts creating Kubernetes secrets. Would it be possible to have a SecretProviderClass be synced even without a pod or a volume mount?
Our use case is that we want to sync our wildcard certificate once for all apps/ingresses in the namespace that use it, without having to pick a specific app that will do have the side effect of ensuring the certificate is present in the namespace. This also allows us to have one specific managed identity/workload identity accessing the key vault for that certificate, instead of having different apps with different identities all have access to the same key vault.
Thank you for your time. :)
Environment:
Secrets Store CSI Driver version: (use the image tag): v1.4.3
Azure Key Vault provider version: (use the image tag): v1.5.2
Describe the solution you'd like Hello, currently it seems you have to mount a SecretProviderClass to a pod before it starts creating Kubernetes secrets. Would it be possible to have a SecretProviderClass be synced even without a pod or a volume mount?
Our use case is that we want to sync our wildcard certificate once for all apps/ingresses in the namespace that use it, without having to pick a specific app that will do have the side effect of ensuring the certificate is present in the namespace. This also allows us to have one specific managed identity/workload identity accessing the key vault for that certificate, instead of having different apps with different identities all have access to the same key vault.
Thank you for your time. :)
Environment:
kubectl version
): v1.25.9