https://tech.uvoo.io/index.php?action=history&feed=atom&title=Key_vault_csi_secret_mount
Key vault csi secret mount - Revision history
2026-04-09T12:06:05Z
Revision history for this page on the wiki
MediaWiki 1.35.2
https://tech.uvoo.io/index.php?title=Key_vault_csi_secret_mount&diff=5389&oldid=prev
Busk at 02:35, 7 December 2024
2024-12-07T02:35:42Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 02:35, 7 December 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Code</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Code</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">## Readme</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-driver</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">```</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">az aks enable-addons --addons azure-keyvault-secrets-provider --name myAKSCluster --resource-group myResourceGroup</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">```</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-nginx-tls</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>## main.sh</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>## main.sh</div></td></tr>
</table>
Busk
https://tech.uvoo.io/index.php?title=Key_vault_csi_secret_mount&diff=5388&oldid=prev
Busk: Created page with "# Code ## main.sh ``` #!/bin/bash set -eu . ../includes/main.sh az keyvault secret set --vault-name $AKS_SECRETS_KV_NAME --name my-secret --value "test value" export AKS_MAN..."
2024-12-07T02:34:48Z
<p>Created page with "# Code ## main.sh ``` #!/bin/bash set -eu . ../includes/main.sh az keyvault secret set --vault-name $AKS_SECRETS_KV_NAME --name my-secret --value "test value" export AKS_MAN..."</p>
<p><b>New page</b></p><div># Code<br />
<br />
## main.sh<br />
```<br />
#!/bin/bash<br />
set -eu<br />
. ../includes/main.sh<br />
<br />
az keyvault secret set --vault-name $AKS_SECRETS_KV_NAME --name my-secret --value "test value"<br />
export AKS_MANAGED_IDENTITY=$(az aks show --resource-group $RGRP_NAME --name $AKS_NAME --query "addonProfiles.azureKeyvaultSecretsProvider.identity.clientId" --output tsv)<br />
echo $AKS_MANAGED_IDENTITY<br />
<br />
envtpl --keep-template secret-provider-class.yaml.tpl<br />
kubectl apply -f secret-provider-class.yaml<br />
kubectl apply -f ubuntu-pod.yaml<br />
```<br />
<br />
## secret-provider-class.yaml.tpl<br />
```<br />
apiVersion: secrets-store.csi.x-k8s.io/v1<br />
kind: SecretProviderClass<br />
metadata:<br />
name: azure-keyvault<br />
spec:<br />
provider: azure<br />
secretObjects:<br />
- secretName: my-aks-secret<br />
type: Opaque<br />
data:<br />
- objectName: my-secret<br />
key: secret-key<br />
parameters:<br />
usePodIdentity: "false"<br />
useVMManagedIdentity: "true"<br />
# userAssignedIdentityID: "<your-managed-identity-client-id>"<br />
userAssignedIdentityID: "{{ AKS_MANAGED_IDENTITY }}"<br />
keyvaultName: "{{ AKS_SECRETS_KV_NAME }}"<br />
cloudName: ""<br />
objects: |<br />
array:<br />
- |<br />
objectName: my-secret<br />
objectType: secret<br />
objectVersion: ""<br />
tenantId: "{{ ARM_TENANT_ID }}"<br />
```<br />
<br />
## ubuntu-pod.yaml<br />
```<br />
apiVersion: v1<br />
kind: Pod<br />
metadata:<br />
name: ubuntu-pod<br />
spec:<br />
containers:<br />
- name: ubuntu-container<br />
image: ubuntu:24.04<br />
command: ["/bin/sh"]<br />
args: ["-c", "sleep infinity"]<br />
volumeMounts:<br />
- name: secrets-store-inline<br />
mountPath: "/mnt/secrets-store"<br />
readOnly: true<br />
volumes:<br />
- name: secrets-store-inline<br />
csi:<br />
driver: secrets-store.csi.k8s.io<br />
readOnly: true<br />
volumeAttributes:<br />
secretProviderClass: "azure-keyvault"<br />
```<br />
<br />
## .env<br />
```<br />
set env vars values<br />
```<br />
<br />
## run<br />
```<br />
. .env<br />
./main.sh<br />
```</div>
Busk