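This doc shows three different ways to install Azure Pod Identity (AAD Pod Identity) and the Azure Secrets Store CSI Provider on a Kubernetes cluster: Helm from the remote chart repositories, Helm from local chart archives, and ArgoCD.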
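# Method 1: install with Helm from the upstream chart repositories.
#
# TLS certificate verification is left enabled for `helm repo add` and
# `helm install`. Both charts deploy components that broker Azure identities
# and Key Vault secrets to pods, so a chart altered in transit would run with
# that access. If a TLS-inspecting proxy breaks certificate validation, trust
# its CA with `--ca-file <path-to-ca-bundle>` instead of passing
# `--insecure-skip-tls-verify`.
#
# The repository URLs track the `master` branch, which is mutable. `--version`
# pins which chart version is requested; it does not verify chart contents.
#
# NOTE(review): AAD Pod Identity has been deprecated upstream in favour of
# Azure AD Workload Identity -- confirm project status before a new rollout.

# Install AAD Pod Identity v1.7.1 (Helm chart version 3.0.0)
helm repo add aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
helm repo update
kubectl create ns aad-pod-id
helm install aad-pod-identity aad-pod-identity/aad-pod-identity --version 3.0.0 -n aad-pod-id

# Install Secrets Store CSI Driver for Azure v0.0.10 (Helm chart version 0.0.6)
helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts
helm repo update
kubectl create ns csi-driver
helm install csi-secrets-store-provider-azure csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --version 0.0.6 --namespace csi-driver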
# Method 2: install with Helm from local chart archives (no chart repository
# is contacted).
#
# NOTE(review): the archive names carry versions 2.0.3 and 0.0.14, which differ
# from the chart versions 3.0.0 and 0.0.6 used by the other two methods on this
# page -- confirm which chart versions are actually intended.
#
# A local archive gets no transport-level protection at install time, so check
# each file against a checksum obtained from a trusted source before installing.

# AAD Pod Identity v1.7.1, from a local chart archive
kubectl create namespace aad-pod-id
helm install aad-pod-identity ./aad-pod-identity-2.0.3.tar.gz --namespace aad-pod-id

# Secrets Store CSI Driver for Azure v0.0.10, from a local chart archive
kubectl create namespace csi-driver
helm install csi-secrets-store-provider-azure ./azure_kv_provider_for_secrets/csi-secrets-store-provider-azure-0.0.14.tar.gz --namespace csi-driver
# Method 3: install through Argo CD.
#
# Each component takes three steps: register the Helm chart repository with
# Argo CD, create the Application object from its manifest, then trigger a
# sync by hand. The manifests on this page define no automated sync policy,
# so nothing is deployed until `argocd app sync` runs.
#
# The repository URLs track the `master` branch, which is mutable; the chart
# version is pinned by `targetRevision` in each Application manifest.

# AAD Pod Identity v1.7.1
argocd repo add --type helm --name aad-pod-identity https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
kubectl apply --filename aad-pod-identity-app.yml
argocd app sync aad-pod-identity

# Secrets Store CSI Driver for Azure v0.0.10
argocd repo add --type helm --name csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts
kubectl apply --filename secrets-store-csi-driver-app.yml
argocd app sync secrets-store-csi-driver
Used for the ArgoCD deployment of AAD Pod Identity:
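---
# Argo CD Application that deploys the aad-pod-identity Helm chart.
# Nesting is restored here: with every key at column 0, `name` and `namespace`
# each appear twice at the top level and the manifest does not describe an
# Application.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: aad-pod-identity
  namespace: argocd
  finalizers:
    # Cascading delete: removing this Application also removes the resources
    # it deployed.
    - resources-finalizer.argocd.argoproj.io
spec:
  # NOTE(review): Argo CD's built-in `default` project does not restrict
  # source repositories or destinations unless it has been locked down. A
  # dedicated AppProject limited to this repoURL and namespace narrows what
  # this Application is allowed to deploy.
  project: default
  source:
    # Chart index served from the mutable `master` branch; targetRevision pins
    # the chart version requested, not its contents.
    repoURL: 'https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts'
    # Quoted so the chart version is always read as a string.
    targetRevision: '3.0.0'
    chart: aad-pod-identity
  destination:
    namespace: aad-pod-id
    # Destination cluster, referenced by the name it is registered under in
    # Argo CD.
    name: my-cluster
  # No `automated` section: syncs are triggered manually.
  syncPolicy:
    syncOptions:
      - CreateNamespace=true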
Used for the ArgoCD deployment of the Secrets Store CSI Driver for Azure:
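---
# Argo CD Application that deploys the csi-secrets-store-provider-azure Helm
# chart. Nesting is restored here: with every key at column 0, `name` and
# `namespace` each appear twice at the top level and the manifest does not
# describe an Application.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: secrets-store-csi-driver
  namespace: argocd
  finalizers:
    # Cascading delete: removing this Application also removes the resources
    # it deployed.
    - resources-finalizer.argocd.argoproj.io
spec:
  # NOTE(review): Argo CD's built-in `default` project does not restrict
  # source repositories or destinations unless it has been locked down. A
  # dedicated AppProject limited to this repoURL and namespace narrows what
  # this Application is allowed to deploy.
  project: default
  source:
    # Chart index served from the mutable `master` branch; targetRevision pins
    # the chart version requested, not its contents.
    repoURL: 'https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts'
    # Quoted so the chart version is always read as a string.
    targetRevision: '0.0.6'
    chart: csi-secrets-store-provider-azure
  destination:
    namespace: csi-driver
    # Destination cluster, referenced by the name it is registered under in
    # Argo CD.
    name: my-cluster
  # No `automated` section: syncs are triggered manually.
  syncPolicy:
    syncOptions:
      - CreateNamespace=true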