To install the Azure Key Vault provider for Secrets Store CSI Driver on Azure Red Hat OpenShift (ARO), run:
helm repo add csi-secrets-store-provider-azure https://azure.github.io/secrets-store-csi-driver-provider-azure/charts
helm install csi csi-secrets-store-provider-azure/csi-secrets-store-provider-azure --set linux.privileged=true
Setting linux.privileged=true with helm install enables privileged mode for the Linux daemonset pods:
securityContext:
  privileged: true
This is required for the AKV provider pods to start up successfully in ARO.
Bind the privileged SecurityContextConstraints (SCC) to the Secrets Store CSI Driver and Azure Key Vault Provider service accounts:
# Replace $target_namespace with the namespace used for helm install
# Secrets Store CSI Driver service account
oc adm policy add-scc-to-user privileged system:serviceaccount:$target_namespace:secrets-store-csi-driver
# Azure Keyvault Provider service account
oc adm policy add-scc-to-user privileged system:serviceaccount:$target_namespace:csi-secrets-store-provider-azure
Run the following command to uninstall:
helm delete <release name>
Remove the SCC bindings:
# Replace $target_namespace with the namespace used for helm install
oc adm policy remove-scc-from-user privileged system:serviceaccount:$target_namespace:secrets-store-csi-driver
oc adm policy remove-scc-from-user privileged system:serviceaccount:$target_namespace:csi-secrets-store-provider-azure
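The bind and remove commands above expand $target_namespace directly into the subject name, so an unset or mistyped variable grants or revokes the privileged SCC on a subject that is not the intended service account. The following wrapper is an added example, not part of the provider's documentation: it validates the namespace, prints the exact oc commands for the two service accounts named on this page, and runs them only with --apply. The function names and the script name in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; service account names are from the page, function names are hypothetical.
LC_ALL=C  # keep the a-z ranges below ASCII-only
SERVICE_ACCOUNTS="secrets-store-csi-driver csi-secrets-store-provider-azure"

# Print the SCC subject for a service account. Fails when the namespace is
# empty (unset $target_namespace) or is not a valid DNS-1123 label.
sa_subject() {
  ns=$1; sa=$2
  case $ns in
    ''|-*|*-|*[!a-z0-9-]*) echo "invalid namespace: '$ns'" >&2; return 1 ;;
  esac
  [ "${#ns}" -le 63 ] || { echo "namespace longer than 63 characters" >&2; return 1; }
  printf 'system:serviceaccount:%s:%s\n' "$ns" "$sa"
}

# Print (do not run) the oc commands for action "add" or "remove".
scc_commands() {
  action=$1; target_ns=$2
  case $action in
    add)    verb="add-scc-to-user" ;;
    remove) verb="remove-scc-from-user" ;;
    *) echo "action must be add or remove" >&2; return 1 ;;
  esac
  for account in $SERVICE_ACCOUNTS; do
    subject=$(sa_subject "$target_ns" "$account") || return 1
    printf 'oc adm policy %s privileged %s\n' "$verb" "$subject"
  done
}

# Usage (hypothetical script name): scc-bind.sh add|remove <namespace> [--apply]
# Without --apply the commands are only printed for review.
if [ "$#" -ge 2 ]; then
  cmds=$(scc_commands "$1" "$2") || exit 1
  if [ "${3:-}" = "--apply" ]; then
    printf '%s\n' "$cmds" | sh -e
  else
    printf '%s\n' "$cmds"
  fi
fi
```

Run it once with remove after helm delete so that no privileged binding outlives the release.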