README
¶
Kubernetes Secrets Store CSI Driver
Secrets Store CSI Driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume.
The Secrets Store CSI Driver secrets-store.csi.k8s.io allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume. Once the Volume is attached, the data in it is mounted into the container's file system.
Test Status
| Test | Status |
|---|---|
| periodic/image-scan | |
| periodic/azure-upgrade | |
| postsubmit/aws | |
| postsubmit/azure | |
| postsubmit/gcp | |
| postsubmit/vault |
Want to help?
Join us to help define the direction and implementation of this project!
- Join the #csi-secrets-store channel on Kubernetes Slack.
- Join the Mailing list to receive notifications for releases, security announcements, etc.
- Use GitHub Issues to file bugs, request features, or ask questions asynchronously.
- Join biweekly community meetings to discuss development, issues, use cases, etc.
Features
- Mounts secrets/keys/certs to pod using a CSI Inline volume
- Supports mounting multiple secrets store objects as a single volume
- Supports multiple secrets stores as providers. Multiple providers can run in the same cluster simultaneously.
- Supports pod portability with the SecretProviderClass CRD
- Supports Linux and Windows containers
- Supports sync with Kubernetes Secrets
Demo
Getting Started
Check out the installation instructions to deploy the Secrets Store CSI Driver and providers. Get familiar with our CRDs and core components
Development Guide
Follow these steps to setup Secrets Store CSI Driver for local debugging.
Documentation
Please see the docs for more in-depth information and supported features.
Getting involved and contributing
Are you interested in contributing to secrets-store-csi-driver? We, the maintainers and community, would love your suggestions, contributions, and help! Also, the maintainers can be contacted at any time to learn more about how to get involved.
In the interest of getting more new people involved, we tag issues with good first issue. These are typically issues that have smaller scope but are good ways to start to get acquainted with the codebase.
We also encourage ALL active community participants to act as if they are maintainers, even if you don't have "official" write permissions. This is a community effort, we are here to serve the Kubernetes community. If you have an active interest and you want to get involved, you have real power! Don't assume that the only people who can get things done around here are the "maintainers".
We also would love to add more "official" maintainers, so show us what you can do!
Check out Secrets Store CSI Driver Membership for more information.
Code of conduct
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.
Directories
¶
| Path | Synopsis |
|---|---|
|
apis
|
|
|
v1
Package v1 contains API Schema definitions for the secrets-store v1 API group +kubebuilder:object:generate=true +k8s:deepcopy-gen=package,register +groupName=secrets-store.csi.x-k8s.io
|
Package v1 contains API Schema definitions for the secrets-store v1 API group +kubebuilder:object:generate=true +k8s:deepcopy-gen=package,register +groupName=secrets-store.csi.x-k8s.io |
|
v1alpha1
Package v1alpha1 contains API Schema definitions for the secrets-store v1alpha1 API group +kubebuilder:object:generate=true +k8s:deepcopy-gen=package,register +groupName=secrets-store.csi.x-k8s.io
|
Package v1alpha1 contains API Schema definitions for the secrets-store v1alpha1 API group +kubebuilder:object:generate=true +k8s:deepcopy-gen=package,register +groupName=secrets-store.csi.x-k8s.io |
|
cmd
|
|
|
syncsecret
Package syncsecret holds the RBAC permission annotations for the controller to sync k8s secrets so that they can be built and applied separately.
|
Package syncsecret holds the RBAC permission annotations for the controller to sync k8s secrets so that they can be built and applied separately. |
|
tokenrequest
Package tokenrequest holds the RBAC permission annotations for the controller to create a serviceaccount token and pass it as part of Mount Request.
|
Package tokenrequest holds the RBAC permission annotations for the controller to create a serviceaccount token and pass it as part of Mount Request. |
|
pkg
|
|
|
client/clientset/versioned
This package has the automatically generated clientset.
|
This package has the automatically generated clientset. |
|
client/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
|
client/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
|
client/clientset/versioned/typed/apis/v1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
client/clientset/versioned/typed/apis/v1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
|
client/clientset/versioned/typed/apis/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
client/clientset/versioned/typed/apis/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
|
test_utils/tmpdir
Package tmpdir provides helper getting a temporary directory for tests that write to the filesystem.
|
Package tmpdir provides helper getting a temporary directory for tests that write to the filesystem. |
|
util/fileutil
Package fileutil includes helpers for dealing with CSI mount paths and reading/writing files.
|
Package fileutil includes helpers for dealing with CSI mount paths and reading/writing files. |
|
util/k8sutil
Package k8sutil holds Secrets CSI Driver utilities for dealing with k8s types.
|
Package k8sutil holds Secrets CSI Driver utilities for dealing with k8s types. |
|
provider
|
|