Yeah it is working now.
And I tried to add details from the links below, and generated another SecretProviderClass YAML file so that it would get both as files and secret objects.
https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access
https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver
# This is a SecretProviderClass example using user-assigned identity to access your key vault
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kvname-user-msi
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true" # Set to true for using managed identity
    userAssignedIdentityID: ******* # Set the clientID of the user-assigned managed identity to use
    keyvaultName: devtest-large-keyvault # Set to the name of your key vault
    cloudName: "" # [OPTIONAL for Azure] if not provided, the Azure environment defaults to AzurePublicCloud
    secretObjects: # [OPTIONAL] SecretObjects defines the desired state of synced Kubernetes secret objects
    - data:
      - key: username # data field to populate
        objectName: foo1 # name of the mounted content to sync; this could be the object name or the object alias
      secretName: foosecret # name of the Kubernetes secret object
      type: Opaque
    objects: |
      array:
        - |
          objectName: ExampleSecret
          objectType: secret # object types: secret, key, or cert
          objectVersion: "" # [OPTIONAL] object versions, default to latest if empty
        - |
          objectName: ExampleSecret1
          objectType: secret # object types: secret, key, or cert
          objectVersion: ""
        - |
          objectName: ExampleSecret2
          objectType: secret # object types: secret, key, or cert
          objectVersion: ""
    tenantId: ********** # The tenant ID of the key vault
But I am getting the below error.
kubectl apply -f .\Desktop\secretproviderclass.yaml
error: error validating ".\\Desktop\\secretproviderclass.yaml": error validating data: ValidationError(SecretProviderClass.spec.parameters.secretObjects): invalid type for io.x-k8s.csi.secrets-store.v1.SecretProviderClass.spec.parameters: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false
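
An added example, not part of the original post: the error path `spec.parameters.secretObjects` shows `secretObjects` nested under `parameters`, whose values must all be strings, whereas in the `secrets-store.csi.x-k8s.io/v1` schema `secretObjects` is a field of `spec`. The manifest below moves it there and, as an assumption, syncs `ExampleSecret` instead of `foo1`, because `foo1` is not among the mounted objects; the identity and tenant values are placeholders.

```yaml
# Added example: secretObjects is a sibling of parameters under spec.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kvname-user-msi
spec:
  provider: azure
  secretObjects:                  # list of Kubernetes secrets to sync
  - secretName: foosecret         # name of the Kubernetes secret object
    type: Opaque
    data:
    - key: username               # key inside the Kubernetes secret
      # Assumption: the post's "foo1" is replaced here, because the value
      # must match an objectName (or objectAlias) listed in parameters.objects.
      objectName: ExampleSecret
  parameters:                     # provider parameters: string values only
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "<client-id-of-user-assigned-identity>"  # placeholder
    keyvaultName: devtest-large-keyvault
    cloudName: ""
    objects: |
      array:
        - |
          objectName: ExampleSecret
          objectType: secret
          objectVersion: ""
        - |
          objectName: ExampleSecret1
          objectType: secret
          objectVersion: ""
        - |
          objectName: ExampleSecret2
          objectType: secret
          objectVersion: ""
    tenantId: "<tenant-id-of-the-key-vault>"  # placeholder
```

The driver creates `foosecret` only while a pod mounts this SecretProviderClass through a CSI volume, so the secret will not appear until such a pod is running.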