Openbao Provider for Secrets Store CSI Driver

⚠️ Please note: We take OpenBao's security and our users' trust very seriously. If you believe you have found a security issue in OpenBao Helm, please responsibly disclose by contacting us at openbao-security@lists.lfedge.org.

Openbao provider for the Secrets Store CSI driver allows you to get secrets stored in Openbao and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.

Installation

Prerequisites

Supported Kubernetes version, see the documentation (runs on Linux nodes only)
Secrets store CSI driver installed

Using helm

The recommended installation method is via helm 3:

helm repo add openbao https://openbao.github.io/openbao-helm
# Just installs Openbao CSI provider. Adjust `server.enabled` and `injector.enabled`
# if you also want helm to install Openbao and the Openbao Agent injector.
helm install openbao openbao/openbao \
  --set "server.enabled=false" \
  --set "injector.enabled=false" \
  --set "csi.enabled=true"

Using yaml

You can also install using the deployment config in the deployment folder:

kubectl apply -f deployment/openbao-csi-provider.yaml

Usage

See the learn tutorial and documentation pages for full details of deploying, configuring and using Openbao CSI provider. The integration tests in test/bats/provider.bats also provide a good set of fully worked and tested examples to build on.

Troubleshooting

To troubleshoot issues with Openbao CSI provider, look at logs from the Openbao CSI provider pod running on the same node as your application pod:

kubectl get pods -o wide
# find the Openbao CSI provider pod running on the same node as your application pod

kubectl logs openbao-csi-provider-7x44t

Pass -debug=true to the provider to get more detailed logs. When installing via helm, you can use --set "csi.debug=true".

Developing

The Makefile has targets to automate building and testing:

make build test

The project also uses some linting and formatting tools. To install the tools:

make bootstrap

You can then run the additional checks:

make fmt lint mod

To run a full set of integration tests on a local kind cluster, ensure you have the following additional dependencies installed:

You can then run:

make setup-kind e2e-image e2e-setup e2e-test

Finally tidy up the resources created in the kind cluster with:

make e2e-teardown

Name		Name	Last commit message	Last commit date
Latest commit History 143 Commits
.github/workflows		.github/workflows
.release		.release
deployment		deployment
internal		internal
manifest_staging/deployment		manifest_staging/deployment
test/bats		test/bats
tools		tools
.copywrite.hcl		.copywrite.hcl
.gitignore		.gitignore
.go-version		.go-version
CHANGELOG.md		CHANGELOG.md
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go
main_test.go		main_test.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Openbao Provider for Secrets Store CSI Driver

Installation

Prerequisites

Using helm

Using yaml

Usage

Troubleshooting

Developing

About

Releases

Packages

Languages

License

openbao/openbao-csi-provider

Folders and files

Latest commit

History

Repository files navigation

Openbao Provider for Secrets Store CSI Driver

Installation

Prerequisites

Using helm

Using yaml

Usage

Troubleshooting

Developing

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages