@avillela
Last active January 22, 2021 23:49
Install Azure AAD Pod Identity and Azure KV Secrets Store CSI Driver

Installing Azure Pod Identity and Azure Secrets Store CSI Provider on Kubernetes

This doc shows three different ways to install Azure Pod Identity and Azure Secrets Store CSI Provider on a Kubernetes cluster.

Helm remote

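# Install AAD Pod Identity v1.7.1 (Helm chart version 3.0.0)
# --insecure-skip-tls-verify turns off TLS certificate checks for the chart download;
# drop the flag wherever the repository certificate validates.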
helm repo add --insecure-skip-tls-verify aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
helm repo update
kubectl create ns aad-pod-id
helm install --insecure-skip-tls-verify aad-pod-identity aad-pod-identity/aad-pod-identity --version 3.0.0 -n aad-pod-id

# Install Secrets Store CSI Driver for Azure v0.0.10 (Helm chart version 0.0.6)
helm repo add --insecure-skip-tls-verify csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts
helm repo update
kubectl create ns csi-driver
helm install --insecure-skip-tls-verify csi-secrets-store-provider-azure csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --version 0.0.6 --namespace csi-driver

Helm local tar.gz

# Install AAD Pod Identity v1.7.1
kubectl create ns aad-pod-id
helm install aad-pod-identity ./aad-pod-identity-2.0.3.tar.gz -n aad-pod-id

# Install Secrets Store CSI Driver for Azure v0.0.10
kubectl create ns csi-driver
helm install csi-secrets-store-provider-azure ./azure_kv_provider_for_secrets/csi-secrets-store-provider-azure-0.0.14.tar.gz -n csi-driver

ArgoCD install

# Install AAD Pod Identity v1.7.1
argocd repo add https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts --type helm --name aad-pod-identity
kubectl apply -f aad-pod-identity-app.yml
argocd app sync aad-pod-identity

# Install Secrets Store CSI Driver for Azure v0.0.10
argocd repo add https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts --type helm --name csi-secrets-store-provider-azure
kubectl apply -f secrets-store-csi-driver-app.yml
argocd app sync secrets-store-csi-driver

aad-pod-identity-app.yml

Used for ArgoCD deployment

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: aad-pod-identity
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: 'https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts'
    targetRevision: 3.0.0
    chart: aad-pod-identity
  destination:
    namespace: aad-pod-id
    name: my-cluster
  syncPolicy:
    syncOptions:
      - CreateNamespace=true

secrets-store-csi-driver-app.yml

Used for ArgoCD deployment

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: secrets-store-csi-driver
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: 'https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts'
    targetRevision: 0.0.6
    chart: csi-secrets-store-provider-azure
  destination:
    namespace: csi-driver
    name: my-cluster
  syncPolicy:
    syncOptions:
      - CreateNamespace=true
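
Added example, not part of the gist: a POSIX shell check that scans install commands or Argo CD Application manifests like those above for three chart-sourcing risks (TLS verification disabled, a chart repository URL that tracks a branch, a `targetRevision` that is not an exact version). The function names, the finding labels and the `'*'` sample line are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the gist): flag chart-sourcing risks in a file of
# install commands or an Argo CD manifest. Prints "<line number>:<finding>".
audit_chart_sources() (
  n=0
  # read without IFS= trims leading whitespace, so indented YAML keys match.
  while read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case $line in '#'*) continue ;; esac   # skip comment lines

    # 1. Certificate checks disabled while adding a repo or pulling a chart.
    case $line in
      *--insecure-skip-tls-verify*) echo "$n:tls-verify-disabled" ;;
    esac

    # 2. Chart index served from a git branch, so what the URL returns
    #    can change without the URL changing.
    case $line in
      *raw.githubusercontent.com/*/master/*|*raw.githubusercontent.com/*/main/*)
        echo "$n:repo-tracks-branch" ;;
    esac

    # 3. Argo CD targetRevision that is not an exact x.y.z chart version.
    case $line in
      targetRevision:*)
        rev=$(printf '%s' "${line#targetRevision:}" | tr -d " \"'")
        printf '%s' "$rev" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' ||
          echo "$n:unpinned-target-revision" ;;
    esac
  done < "$1"
)

# Constructed sample input modelled on the commands and manifest fields above.
write_sample() {
  cat > "$1" <<'EOF'
# Install AAD Pod Identity
helm repo add --insecure-skip-tls-verify aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
helm install aad-pod-identity aad-pod-identity/aad-pod-identity --version 3.0.0 -n aad-pod-id
    repoURL: 'https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts'
    targetRevision: 3.0.0
    targetRevision: '*'
EOF
}

# Audit every file passed on the command line (no arguments: nothing runs).
for f in "$@"; do audit_chart_sources "$f"; done
```

A `repo-tracks-branch` finding stays relevant even with `--version` or `targetRevision` pinned, because the pinned version is still resolved through an index that lives on that branch.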