Bug
Resolution: Done
4.14, 4.15, 4.16
Description of problem:
Doc link: https://docs.openshift.com/container-platform/4.15/nodes/pods/nodes-pods-secrets-store.html#secrets-store-aws_nodes-pods-secrets-store
Section: 4. Create a deployment to use this secret provider class
Example deployment.yaml
Issue: Need to add serviceAccountName: aws-provider inside deployment.yaml under path .spec.template.spec.

Similarly for
Doc link: https://docs.openshift.com/container-platform/4.15/nodes/pods/nodes-pods-secrets-store.html#secrets-store-aws_nodes-pods-secrets-store-parameter-store
Section: 4. Create a deployment to use this secret provider class
Example deployment.yaml
Additional info: Without adding serviceAccountName inside the deployment, the pod won't reach the running state.
The fixed deployment.yaml may look like this:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-aws-deployment
  namespace: my-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-storage
  template:
    metadata:
      labels:
        app: my-storage
    spec:
      serviceAccountName: aws-provider
      containers:
      - name: busybox
        image: k8s.gcr.io/e2e-test-images/busybox:1.29
        command:
        - "/bin/sleep"
        - "10000"
        volumeMounts:
        - name: secrets-store-inline
          mountPath: "/mnt/secrets-store"
          readOnly: true
      volumes:
      - name: secrets-store-inline
        csi:
          driver: secrets-store.csi.k8s.io
          readOnly: true
          volumeAttributes:
            secretProviderClass: "my-aws-provider"
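
An added example, not part of the original report or of the OpenShift documentation: a manifest check that flags any pod template mounting a secrets-store.csi.k8s.io volume without setting serviceAccountName, which is the omission reported above. It assumes manifests are available as JSON-decoded dicts (for instance from `oc get deployment -o json`); the function names and the reduced sample manifest are hypothetical and constructed for illustration.

```python
CSI_DRIVER = "secrets-store.csi.k8s.io"  # driver name used in the report's deployment.yaml


def pod_specs(obj):
    """Yield (kind, name, pod spec) for a Pod, a workload with a pod template, or a List."""
    if obj.get("kind", "").endswith("List"):
        for item in obj.get("items", []):
            yield from pod_specs(item)
        return
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    spec = obj.get("spec", {})
    if obj.get("kind") != "Pod":
        # Deployments and similar workloads keep the pod spec at .spec.template.spec
        spec = spec.get("template", {}).get("spec")
    if spec is not None:
        yield obj.get("kind"), name, spec


def missing_service_account(obj):
    """Return (kind, name, [secretProviderClass, ...]) for secrets-store pods with no serviceAccountName."""
    findings = []
    for kind, name, spec in pod_specs(obj):
        classes = [
            vol["csi"].get("volumeAttributes", {}).get("secretProviderClass")
            for vol in spec.get("volumes", [])
            if (vol.get("csi") or {}).get("driver") == CSI_DRIVER
        ]
        if classes and not spec.get("serviceAccountName"):
            findings.append((kind, name, classes))
    return findings


def sample_deployment(service_account=None):
    """Constructed sample: the report's Deployment, reduced to the fields the check reads."""
    pod_spec = {
        "containers": [{"name": "busybox"}],
        "volumes": [{"name": "secrets-store-inline", "csi": {
            "driver": CSI_DRIVER, "readOnly": True,
            "volumeAttributes": {"secretProviderClass": "my-aws-provider"}}}],
    }
    if service_account:
        pod_spec["serviceAccountName"] = service_account
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "my-aws-deployment", "namespace": "my-namespace"},
            "spec": {"template": {"spec": pod_spec}}}


if __name__ == "__main__":
    print(missing_service_account(sample_deployment()))                # the documented example
    print(missing_service_account(sample_deployment("aws-provider")))  # the fixed example
```

Run as a pre-merge check on manifests, this catches the missing field before the pod gets stuck short of the running state.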