SecretProviderClass syntax not working

Uday Kiran Reddy (ureddy) 96 Reputation points
2022-03-17T08:23:24.533+00:00

Yeah it is working now.

And, I tried to add details from below below links, and generated another secretprovider yaml file so that it would get both as files and secret objects.

https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access
https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver

# This is a SecretProviderClass example using user-assigned identity to access your key vault  
apiVersion: secrets-store.csi.x-k8s.io/v1  
kind: SecretProviderClass  
metadata:  
  name: azure-kvname-user-msi  
spec:  
  provider: azure  
  parameters:  
    usePodIdentity: "false"  
    useVMManagedIdentity: "true"          # Set to true for using managed identity  
    userAssignedIdentityID: *******   # Set the clientID of the user-assigned managed identity to use  
    keyvaultName: devtest-large-keyvault        # Set to the name of your key vault  
    cloudName: ""                         # [OPTIONAL for Azure] if not provided, the Azure environment defaults to AzurePublicCloud  
    secretObjects:                              # [OPTIONAL] SecretObjects defines the desired state of synced Kubernetes secret objects  
    - data:  
      - key: username                           # data field to populate  
        objectName: foo1                        # name of the mounted content to sync; this could be the object name or the object alias  
      secretName: foosecret                     # name of the Kubernetes secret object  
      type: Opaque       
    objects:  |  
      array:  
        - |  
          objectName: ExampleSecret  
          objectType: secret              # object types: secret, key, or cert  
          objectVersion: ""               # [OPTIONAL] object versions, default to latest if empty  
        - |  
          objectName: ExampleSecret1  
          objectType: secret              # object types: secret, key, or cert  
          objectVersion: ""   
          - |  
          objectName: ExampleSecret2  
          objectType: secret              # object types: secret, key, or cert  
          objectVersion: ""   
    tenantId: **********                # The tenant ID of the key vault  

But, getting below error.

kubectl apply -f .\Desktop\secretproviderclass.yaml  
error: error validating ".\\Desktop\\secretproviderclass.yaml": error validating data: ValidationError(SecretProviderClass.spec.parameters.secretObjects): invalid type for io.x-k8s.csi.secrets-store.v1.SecretProviderClass.spec.parameters: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false  
Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,327 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,180 questions
{count} votes

Accepted answer
  1. shiva patpi 13,256 Reputation points Microsoft Employee
    2022-03-20T01:21:48.34+00:00

    Hello @Uday Kiran Reddy (ureddy) ,
    I was also getting the same error by using your YAML file

    184789-image.png

    There was a slight mistake , basically the "secretObjects" should be parallel to the parameters , but you have placed secretobject under parameters.

    see the modified one:

    184848-image.png

    After modifying , I am able to create successfully:

    184862-image.png

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.