Share via

SecretProviderClass syntax not working

Uday Kiran Reddy (ureddy) 86 Reputation points
2022-03-17T08:23:24.533+00:00

Yeah it is working now.

And, I tried to add details from below below links, and generated another secretprovider yaml file so that it would get both as files and secret objects.

https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access
https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver 

# This is a SecretProviderClass example using user-assigned identity to access your key vault  
apiVersion: secrets-store.csi.x-k8s.io/v1  
kind: SecretProviderClass  
metadata:  
  name: azure-kvname-user-msi  
spec:  
  provider: azure  
  parameters:  
    usePodIdentity: "false"  
    useVMManagedIdentity: "true"          # Set to true for using managed identity  
    userAssignedIdentityID: *******   # Set the clientID of the user-assigned managed identity to use  
    keyvaultName: devtest-large-keyvault        # Set to the name of your key vault  
    cloudName: ""                         # [OPTIONAL for Azure] if not provided, the Azure environment defaults to AzurePublicCloud  
    secretObjects:                              # [OPTIONAL] SecretObjects defines the desired state of synced Kubernetes secret objects  
    - data:  
      - key: username                           # data field to populate  
        objectName: foo1                        # name of the mounted content to sync; this could be the object name or the object alias  
      secretName: foosecret                     # name of the Kubernetes secret object  
      type: Opaque       
    objects:  |  
      array:  
        - |  
          objectName: ExampleSecret  
          objectType: secret              # object types: secret, key, or cert  
          objectVersion: ""               # [OPTIONAL] object versions, default to latest if empty  
        - |  
          objectName: ExampleSecret1  
          objectType: secret              # object types: secret, key, or cert  
          objectVersion: ""   
          - |  
          objectName: ExampleSecret2  
          objectType: secret              # object types: secret, key, or cert  
          objectVersion: ""   
    tenantId: **********                # The tenant ID of the key vault

But, getting below error. 

kubectl apply -f .\Desktop\secretproviderclass.yaml  
error: error validating ".\\Desktop\\secretproviderclass.yaml": error validating data: ValidationError(SecretProviderClass.spec.parameters.secretObjects): invalid type for io.x-k8s.csi.secrets-store.v1.SecretProviderClass.spec.parameters: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false
Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,194 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,999 questions
Accepted answer
  1. shiva patpi 13,171 Reputation points Microsoft Employee
    2022-03-20T01:21:48.34+00:00

    Hello @Uday Kiran Reddy (ureddy) ,
    I was also getting the same error by using your YAML file

    184789-image.png

    There was a slight mistake , basically the "secretObjects" should be parallel to the parameters , but you have placed secretobject under parameters.

    see the modified one:

    184848-image.png

    After modifying , I am able to create successfully:

    184862-image.png

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest