Azure / secrets-store-csi-driver-provider-azure

Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
https://azure.github.io/secrets-store-csi-driver-provider-azure/
MIT License
438 stars 193 forks source link

missing secret in KeyVault prevents initialization of SecretProviderClass #645

Open cerginio opened 3 years ago

cerginio commented 3 years ago

missing secret in Azure KeyVault prevents initialization of SecretProviderClass .

This behavior leads to blocked deployment in CrashLoop state.

Is it possible to force SecretProviderClass resource creation with some default secret values even if secrets are not present in Azure KeyVault?

Please make a note about expected behavior and configuration options for missing secret case in your documentation: troubleshooting or known-limitations articles

aramase commented 3 years ago

@cerginio Thank you for opening the issue. We'll add it to our documentation.

Is it possible to force SecretProviderClass resource creation with some default secret values even if secrets are not present in Azure KeyVault?

No, that's currently not possible. If any of the secret is missing it'll cause the volume mount to fail. This is the issue requesting similar feature: https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/567

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.

github-actions[bot] commented 3 years ago

This issue was closed because it has been stalled for 21 days with no activity. Feel free to re-open if you are experiencing the issue again.

ThomsonSibiMukkada commented 2 years ago

plz try below comments:

helm repo add csi-secrets-store-provider-azure https://azure.github.io/secrets-store-csi-driver-provider-azure/charts

helm install csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --generate-name --namespace --set secrets-store-csi-driver.syncSecret.enabled=true

secretprovider.yml

apiVersion: secrets-store.csi.x-k8s.io/v1 kind: SecretProviderClass metadata: name: azure-kvname-user-msi spec: provider: azure secretObjects:

its working for me.