I am trying to configure AWS secrets with my kubernetes cluster in such a way that I can expose secrets as environment variable in my deployment file
OS: Mac I am using minikube for local testing For AWS I am using localstack
secrets manager I have created a secret
I have created this yaml file
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: airflow-deployment-aws-secrets-dev
spec:
provider: aws
secretObjects: # [OPTIONAL] SecretObject defines the desired state of synced K8s secret objects
- data:
- key: AIRFLOW__CORE__EXECUTOR # data field to populate
objectName: AIRFLOW__CORE__EXECUTOR # name of the mounted content to sync. this could be the object
secretName: airflow-environment # name of the Kubernetes Secret object
type: Opaque
parameters:
objects: |
- objectName: "AirflowSecretDev"
objectType: "secretsmanager"
region: "us-west-1"
endpoint-url: "http://host.docker.internal:4566"
In my deployment file I have used
apiVersion: apps/v1
kind: Deployment
metadata:
name: airflow-scheduler
spec:
replicas: 1
selector:
matchLabels:
app: airflow-scheduler
template:
metadata:
labels:
app: airflow-scheduler
spec:
containers:
- name: airflow-scheduler
image: airflow-testing-image-1:latest
imagePullPolicy: Never
command: ["/bin/bash", "-c", "airflow db check-migrations -t 0 || airflow db upgrade || true; airflow scheduler"]
env:
- name: AIRFLOW__CORE__EXECUTOR
valueFrom:
secretKeyRef:
name: airflow-environment
key: AIRFLOW__CORE__EXECUTOR
But this whole is not working and getting following error
kubernetes logs for csi drivers
Please let me know what am I doing wrong in this .