I am working with Azure Red Hat OpenShift (ARO).
It is required to connect to Azure Key Vault. I have applied the following process to configure it.
We need to download the OpenShift CLI for Windows: Link1
Now extract the zip file and move oc.exe into C:\Program Files\oc\oc.exe
Add this path to your environment variables.
Now open your command prompt and execute the following commands:
oc login https://api.<your ARO server>.aroapp.io:6443 -u kubeadmin
oc new-project k8s-secrets-store-csi
oc adm policy add-scc-to-user privileged \
system:serviceaccount:k8s-secrets-store-csi:secrets-store-csi-driver
helm repo add secrets-store-csi-driver \
https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
helm repo update
helm install -n k8s-secrets-store-csi csi-secrets-store \
secrets-store-csi-driver/secrets-store-csi-driver \
--version v1.0.1 \
--set "linux.providersDir=/var/run/secrets-store-csi-providers"
kubectl --namespace=k8s-secrets-store-csi get pods -l "app=secrets-store-csi-driver"
helm repo add csi-secrets-store-provider-azure \
https://azure.github.io/secrets-store-csi-driver-provider-azure/charts
helm repo update
helm install -n k8s-secrets-store-csi azure-csi-provider \
csi-secrets-store-provider-azure/csi-secrets-store-provider-azure \
--set linux.privileged=true --set secrets-store-csi-driver.install=false \
--set "linux.providersDir=/var/run/secrets-store-csi-providers" \
--version=v1.0.1
oc adm policy add-scc-to-user privileged \
system:serviceaccount:k8s-secrets-store-csi:csi-secrets-store-provider-azure
oc new-project my-application
Now create a service principal and give it access to the key vault:
kubectl create secret generic secrets-store-creds \
-n my-application \
--from-literal clientid=${SERVICE_PRINCIPAL_CLIENT_ID} \
--from-literal clientsecret=${SERVICE_PRINCIPAL_CLIENT_SECRET}
kubectl -n my-application label secret \
secrets-store-creds secrets-store.csi.k8s.io/used=true
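
An added example, not part of the original post: a SecretProviderClass and a pod that use the secrets-store-creds secret created above through nodePublishSecretRef, so the driver can authenticate to Key Vault as the service principal. The resource names azure-kv-example and kv-consumer, the container image, and every value in angle brackets are assumptions or placeholders.

```yaml
# Added example; <...> values are placeholders, resource names are hypothetical.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-kv-example
  namespace: my-application
spec:
  provider: azure
  parameters:
    # Both identity modes are off, so the provider falls back to the
    # service principal passed in via nodePublishSecretRef.
    usePodIdentity: "false"
    useVMManagedIdentity: "false"
    keyvaultName: "<your-key-vault-name>"
    tenantId: "<your-tenant-id>"
    objects: |
      array:
        - |
          objectName: <your-secret-name>
          objectType: secret
          objectVersion: ""
---
apiVersion: v1
kind: Pod
metadata:
  name: kv-consumer
  namespace: my-application
spec:
  containers:
    - name: app
      image: registry.access.redhat.com/ubi8/ubi-minimal   # assumed image
      command: ["sleep", "3600"]
      volumeMounts:
        - name: kv-secrets
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: kv-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: azure-kv-example
        # Must match the secret created and labelled above, in the same namespace.
        nodePublishSecretRef:
          name: secrets-store-creds
```

The service principal only needs get permission on the object types listed under objects; each listed object appears as a file under /mnt/secrets-store once the pod starts.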