Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth: support nodePublishSecretRef #58

Merged
merged 1 commit into from
Oct 6, 2020
Merged

auth: support nodePublishSecretRef #58

merged 1 commit into from
Oct 6, 2020

Conversation

tam7t
Copy link
Contributor

@tam7t tam7t commented Oct 6, 2020

Allows the pod definition to specify a K8S secret that the CSI driver should use when authenticating to GCP:

      volumes:
        - name: secrets-store-inline
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: "gcp-sync"
            nodePublishSecretRef:
              name: secrets-store-creds

The Secret should be an exported SA credential:

gcloud iam service-accounts keys create OUTPUT-FILE --iam-account=IAM_ACCOUNT

and loaded like:

kubectl create secret generic secrets-store-creds --from-file=key.json=PATH-TO-KEY-FILE.json

This will be used when creating kind integration tests that may not run in an environment where workload identity or GCE instance metadata is available.

@tam7t tam7t requested a review from colinman October 6, 2020 16:42
@tam7t tam7t merged commit 58f547c into main Oct 6, 2020
@tam7t tam7t deleted the tam7t/secret-auth branch October 6, 2020 19:39
@gpamit gpamit mentioned this pull request Oct 31, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@colinman colinman colinman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tam7t @colinman