Open cerginio opened 3 years ago
@cerginio Thank you for opening the issue. We'll add it to our documentation.
Is it possible to force SecretProviderClass resource creation with some default secret values even if secrets are not present in Azure KeyVault?
No, that's currently not possible. If any of the secrets is missing, it'll cause the volume mount to fail. This is the issue requesting a similar feature: https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/567
This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.
This issue was closed because it has been stalled for 21 days with no activity. Feel free to re-open if you are experiencing the issue again.
Please try the commands below:
helm repo add csi-secrets-store-provider-azure https://azure.github.io/secrets-store-csi-driver-provider-azure/charts
helm install csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --generate-name --namespace
secretprovider.yml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kvname-user-msi
spec:
  provider: azure
  secretObjects:
  - data:
    - key: samplesecret
      objectName: samplesecret
    secretName: test-secrets-store
    type: Opaque
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true" # Set to true for using managed identity
    userAssignedIdentityID: "
    objects: |
      array:
        - |
          objectName: samplesecret
          objectType: secret # object types: secret, key, or cert
          objectAlias: samplesecret
          objectVersion: "" # [OPTIONAL] object versions, default to latest if empty
It's working for me.
A missing secret in Azure KeyVault prevents initialization of SecretProviderClass.
This behavior leads to a blocked deployment in CrashLoop state.
Is it possible to force SecretProviderClass resource creation with some default secret values even if secrets are not present in Azure KeyVault?
Please make a note about the expected behavior and configuration options for the missing secret case in your documentation: troubleshooting or known-limitations articles.
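A pre-deployment check for the behaviour confirmed in this thread (any missing secret fails the volume mount), added here as an example and not part of the issue or the project's code. The function names, the `names.txt` file and the `dbpassword` secret are assumptions, and the sample manifest is constructed.

```shell
#!/bin/sh
# Added example, not the provider project's code. Real input for $2 (assumed file):
#   az keyvault secret list --vault-name <vault> --query "[].name" -o tsv > names.txt

# Print objectName of each objectType "secret" entry under parameters.objects.
# Entries under secretObjects are ignored: they only map mounted content to a K8s Secret.
spc_secret_names() {
  awk '
    function emit() { if (name != "" && type == "secret") print name; name = ""; type = "" }
    /^[ \t]*objects:[ \t]*[|]/ { in_objects = 1; next }
    !in_objects { next }
    /^[ \t]*-[ \t]*[|]/ { emit(); next }      # "- |" starts a new object entry
    $1 == "objectName:" { name = $2; gsub(/"/, "", name) }
    $1 == "objectType:" { type = $2; gsub(/"/, "", type) }
    END { emit() }
  ' "$1"
}

# Print secrets required by manifest $1 that are absent from name list $2.
# Returns 1 when at least one is missing, so a pipeline can stop before deploying.
missing_secrets() {
  missing=$(spc_secret_names "$1" | while read -r n; do
    grep -qxF -- "$n" "$2" || printf '%s\n' "$n"
  done)
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing"
  return 1
}

# Constructed sample: the manifest asks for two secrets, the vault holds one.
tmp=$(mktemp -d)
cat > "$tmp/spc.yaml" <<'EOF'
  secretObjects:
  - data:
    - key: samplesecret
      objectName: samplesecret
  parameters:
    objects: |
      array:
        - |
          objectName: samplesecret
          objectType: secret
        - |
          objectName: dbpassword
          objectType: secret
EOF
printf 'samplesecret\n' > "$tmp/names.txt"
missing_secrets "$tmp/spc.yaml" "$tmp/names.txt" || echo "deploy blocked: not in vault"
rm -rf "$tmp"
```
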