Clarification on Azure Annotations with Secret Store CSI Driver for KeyVault #1498
kamigerami asked this question in Q&A (unanswered, 0 replies)
When leveraging the `kubernetes.azure.com/tls-cert-keyvault-uri` annotation, it appears we can directly reference Azure KeyVault certificates without needing to explicitly define a SecretProviderClass. This process seems straightforward for fetching TLS certificates and auto-mounting them as Kubernetes secrets. However, for referencing other KeyVault secrets, it seems necessary to create a SecretProviderClass as opposed to just providing a keyvault-uri annotation for that particular secret.
Could you please clarify if my understanding is correct? Specifically, I'm trying to understand why the annotation approach does not require a SecretProviderClass for TLS certificates but does for other types of secrets. Is there an underlying reason for this distinction, or have I perhaps misunderstood how to use the CSI driver for non-TLS secrets?
Thank you in advance for your guidance.