-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EKS K8s secret cannot be created from volume mount with secret store csi driver #92
Comments
Exactly the same issue here. Seems secretproviderclass is not creating the secret when mounting volume. |
Experiencing the same exact issue - can successfully see mounted secrets within the pod but kubernetes secret object not being created when mounting volume for a env var. pod is stuck in creation. |
Experiencing the same exact issue |
Just in case it works for someone. I fixed it by enabling syncsecret on helm instantiation.
|
I just upgraded my helm install with the following:
Even with this change the secret is still not being created from the volume mount, maybe I'm missing something. |
@flaviops I had the same issue and setting
Have you looked at the events to see if maybe you're running into the same issue? |
I noticed that the ClusterRole is missing permissions to get/create/patch secrets Add the following permissions to your ClusterRole
Also, the secret name has to be referenced somewhere in your Pod spec (in |
It was a similar problem, thanks for the help |
It worked for me. --set syncSecret.enabled=true . However, it only works when a pod mounts a volume using the SecretProviderClass by name. I would prefer it to create the secret independently. |
If you check the secret-store-csi-driver Helm chart, you can see that if you set the syncSecret.enabled=true then a separate ClusterRole and ClusterRoleBinding will be created with the proper permissions to access k8s secrets: |
I want to pass the aws secrets manager secret as an environment variable to the eks container. However even after correctly volume mounted the secret, the kubernetes secret could not be created from the volume mount.
I am using the roles and service account mentioned in the document.
To Reproduce
Here is my secretprovider class:
My deployment manifest section where I am passing the secret as an Environment variable:
However the Pod goes to CreateContainerConfigError state and the following error was encountered:
Expected behavior
The secret should be created and passed as an environment variable to the kubernetes container.
Additional context
As mentioned in the description above I can though retrieve the secret in the volume mounted:
Thanks.
The text was updated successfully, but these errors were encountered: