CSI Secret Store Driver
Opened this issue · 4 comments
User Story
As a cluster administrator
I want to offer my users in their namespaced environment the ability to retrieve secrets using now-standardized CSI secret drivers
So that I can easily offer an alternative secret provider in case of specific needs and still offer the same syntax to end users
Test Scenarios
Given the CSI driver is deployed on the cluster by an administrator
When a user creates their SecretProviderClass and secrets-store-inline
Then the user is able to retrieve secrets with inline volume
Given the CSI driver is deployed on the cluster by an administrator
When a user creates their SecretProviderClass with secretObjects
Then the user is able to retrieve secrets within a synchronized Kubernetes secret
Implementation
Notes
CSI driver repository
https://github.com/kubernetes-sigs/secrets-store-csi-driver
Syntax example: Sync as inline volume
https://secrets-store-csi-driver.sigs.k8s.io/getting-started/usage.html
Sync as secret
https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html
Implementation Tasks
The following issues have been created to implement this user story:
We are aware of the CSI standard and see the value in using it to serve secrets. However, at this time, we have no immediate plans to integrate. If you are interested in contributing such an integration, perhaps provide some more details about the implementation you envision. Thanks.
Any updates in this area? It would be nice to have a similar integration as for e.g. HashiCorp Vault (https://github.com/hashicorp/vault-csi-provider)
Any updates in this area? Looks like Secret Store CSI Driver will be a standard way in k8s now.