Error with Mounting SecretproviderClass with AWS Provider

[ephriamj]

Hello,

I'm receiving an error when I launch a new deployment. These are the steps I'm using.

1. Deploy SecretProviderClass: kubectl apply -f test-secrets-array.yaml
2. Create a deploy using helm

When I go to deploy pods, I receive an error:

"Warning FailedMount 23s (x7 over 55s) kubelet, ip-10-6-19-185.ec2.internal MountVolume.SetUp failed for volume "secrets" : rpc error: code = Unknown desc = failed to mount secrets store objects for pod test-service/deployment-test-data-services-8646cdc588-vbz2p, err: rpc error: code = Unknown desc = Failed to load SecretProviderClass: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal object into Go value of type []*provider.SecretDescriptor"

Here's how my manifest is setup for SecretProviderClass:

kind: SecretProviderClass
metadata:
  name: eks-test-secrets
  namespace: test-services
spec:
  provider: aws
  parameters:
    objects: |
      array:
        - |
          objectName: "arn:aws:secretsmanager:us-east-1:174596742332:secret:test1-qlL3Np"
        - |
          objectName: "arn:aws:secretsmanager:us-east-1:174596742332:secret:testsecret-uDiDIO"

I also added the parameter:

--set grpcSupportedProviders=”aws”

Just wanted to see if anyone's having the same issue. Thanks.

[lasred]

One thing that caught my attention with your manifest is "array:". That isn't needed. See the example under "SecretProviderClass options" - https://github.com/aws/secrets-store-csi-driver-provider-aws

[ephriamj]

That worked. Thank you @lasred.

[ephriamj]

I removed the array, and was able to mount secrets