我想知道我是否可以将 KeeperSecurity 与 Secrets-Store-CSI-Driver 一起使用。如果是这样,我应该在 SecretProviderClass 中放什么?
我感谢有关此问题的任何建议或指导。谢谢!
遵循这些程序:
https://secrets-store-csi-driver.sigs.k8s.io/getting-started/installation.html
https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/main/deploy
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.0
creationTimestamp: null
name: secretproviderclasses.secrets-store.csi.x-k8s.io
spec:
group: secrets-store.csi.x-k8s.io
names:
kind: SecretProviderClass
listKind: SecretProviderClassList
plural: secretproviderclasses
singular: secretproviderclass
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SecretProviderClass is the Schema for the secretproviderclasses
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
description: Configuration for specific provider
type: object
provider:
description: Configuration for provider name
type: string
secretObjects:
items:
description: SecretObject defines the desired state of synced K8s
secret objects
properties:
annotations:
additionalProperties:
type: string
description: annotations of k8s secret object
type: object
data:
items:
description: SecretObjectData defines the desired state of
synced K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
properties:
byPod:
items:
description: ByPodStatus defines the state of SecretProviderClass
as seen by an individual controller
properties:
id:
description: id of the pod that wrote the status
type: string
namespace:
description: namespace of the pod that wrote the status
type: string
type: object
type: array
type: object
type: object
served: true
storage: true
- deprecated: true
deprecationWarning: secrets-store.csi.x-k8s.io/v1alpha1 is deprecated. Use secrets-store.csi.x-k8s.io/v1
instead.
name: v1alpha1
schema:
openAPIV3Schema:
description: SecretProviderClass is the Schema for the secretproviderclasses
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
description: Configuration for specific provider
type: object
provider:
description: Configuration for provider name
type: string
secretObjects:
items:
description: SecretObject defines the desired state of synced K8s
secret objects
properties:
annotations:
additionalProperties:
type: string
description: annotations of k8s secret object
type: object
data:
items:
description: SecretObjectData defines the desired state of
synced K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
properties:
byPod:
items:
description: ByPodStatus defines the state of SecretProviderClass
as seen by an individual controller
properties:
id:
description: id of the pod that wrote the status
type: string
namespace:
description: namespace of the pod that wrote the status
type: string
type: object
type: array
type: object
type: object
served: true
storage: false