Secrets Store CSI Driver was developed by Microsoft to allow secure access to Azure Key Vault secrets from an AKS cluster.
It addresses a shortcoming of Kubernetes secrets, whereby they are only Base64-encoded and can therefore be easily read.
Secrets Store CSI Driver provides seamless integration with Azure Key Vault, and allows you to access Kubernetes secrets via environment variables or as volumes (more secure) mounted to your Pod.
Be sure to check out my blog post on Medium for more details on this setup.
- Set up the environment variables
Fill out the values in scripts/0-env_vars.sh
- Create the demo Key Vault in Azure
./scripts/1-keyvault_creation.sh
- Install Secrets Store CSI Driver for Azure v0.0.10 and Azure Pod Identity v1.7.0 in your Kubernetes cluster
./scripts/2-aks_setup.sh
- Deploy the Kubernetes manifests
Be sure to edit aadpodidentity-and-binding.yml and secret-provider-class.yml before applying the changes to Kubernetes.
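
As a reference while editing secret-provider-class.yml, here is an added example (not the repository's own manifests) of a SecretProviderClass and a Pod that mounts it as a read-only CSI volume. It assumes the `secrets-store.csi.x-k8s.io/v1alpha1` API used by early driver releases; the resource names, vault name, tenant ID, secret name and `aadpodidbinding` selector are all placeholders.

```yaml
# Added example: every name and ID below is a placeholder, not taken from the repository.
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1   # assumed API version for this driver release
kind: SecretProviderClass
metadata:
  name: demo-keyvault-secrets
spec:
  provider: azure
  parameters:
    # Authenticate to Key Vault through Azure Pod Identity rather than a stored credential.
    usePodIdentity: "true"
    keyvaultName: "<your-key-vault-name>"
    tenantId: "<your-tenant-id>"
    # One entry per Key Vault object to fetch; an empty objectVersion means "latest".
    objects: |
      array:
        - |
          objectName: demo-secret
          objectType: secret
          objectVersion: ""
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
  labels:
    # Must match the selector of the AzureIdentityBinding in aadpodidentity-and-binding.yml.
    aadpodidbinding: "<selector-from-AzureIdentityBinding>"
spec:
  containers:
    - name: app
      image: busybox:1.36
      command: ["sh", "-c", "sleep 3600"]
      volumeMounts:
        - name: keyvault-secrets
          mountPath: /mnt/secrets-store
          readOnly: true
  volumes:
    - name: keyvault-secrets
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          # Refers to the SecretProviderClass defined above.
          secretProviderClass: demo-keyvault-secrets
```

With this layout each requested object appears as a file under the mount path inside the container, so the secret value is never stored in a Kubernetes Secret object.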