@JeromeJu
Created August 26, 2022 12:39
CSI Volume Workspace Type Demo
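# Maps Secret Manager secret versions to file names inside the CSI volume.
# $PROJECT_ID is a placeholder; Kubernetes does not expand it, so substitute it before applying.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-secrets
spec:
  provider: gcp
  parameters:
    secrets: |
      - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest"
        path: "good1.txt"
      - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest"
        path: "good2.txt"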
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: csi-task
spec:
  workspaces:
    - name: secret-password
  steps:
    - name: fetch-csi
      image: ubuntu
      # Demo only: cat writes the secret values to the step log.
      script: |
        ls $(workspaces.secret-password.path)
        cat $(workspaces.secret-password.path)/good1.txt
        cat $(workspaces.secret-password.path)/good2.txt
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: csi-pipeline
spec:
  workspaces:
    - name: secret-manager-gcp
  tasks:
    - name: fetch-csi
      taskRef:
        name: csi-task
      # Bind the pipeline-level workspace to the workspace the task declares.
      workspaces:
        - name: secret-password
          workspace: secret-manager-gcp
---
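# Uses generateName, so submit with `kubectl create -f`, not `kubectl apply`.
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: csi-credential-
spec:
  serviceAccountName: mypodserviceaccount
  pipelineRef:
    name: csi-pipeline
  workspaces:
    - name: secret-manager-gcp
      # CSI-backed workspace: the driver mounts the files defined in the SecretProviderClass.
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: "app-secrets"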