vault-csi-provider
there are no files under mountPath
Logged in to pod webapp; there is a directory /mnt/mypassword, but there are no files under /mnt/mypassword. Checked the logs of secrets-store-csi-driver and csi-provider; there are only some info logs.
secrets-store-csi-driver log
I0528 06:54:34.727489 1 nodeserver.go:353] "Using gRPC client" provider="vault" pod="webapp"
I0528 06:54:34.847700 1 nodeserver.go:253] "node publish volume complete" targetPath="/mnt/paas/kubernetes/kubelet/pods/607d614b-e793-4ee7-a3c9-fe986c1cdcd7/volumes/kubernetes.io~csi/secrets-store-inline/mount" pod="phee-devcn/webapp" time="121.682692ms"
I0528 06:54:34.847877 1 secretproviderclasspodstatus_controller.go:224] "reconcile started" spcps="phee-devcn/webapp-phee-devcn-vault-database"
I0528 06:54:34.848003 1 secretproviderclasspodstatus_controller.go:265] "no secret objects defined for spc, nothing to reconcile" spc="phee-devcn/vault-database" spcps="phee-devcn/webapp-phee-devcn-vault-database"
csi-provider log
2025-05-28T06:54:34.729Z [INFO] server: Processing unary gRPC call: grpc.method=/v1alpha1.CSIDriverProvider/Mount
2025-05-28T06:54:34.806Z [INFO] server.provider: secret added to mount response: directory=/mnt/paas/kubernetes/kubelet/pods/607d614b-e793-4ee7-a3c9-fe986c1cdcd7/volumes/kubernetes.io~csi/secrets-store-inline/mount file=s3Bucket
2025-05-28T06:54:34.806Z [INFO] server.provider: secret added to mount response: directory=/mnt/paas/kubernetes/kubelet/pods/607d614b-e793-4ee7-a3c9-fe986c1cdcd7/volumes/kubernetes.io~csi/secrets-store-inline/mount file=mypassword
2025-05-28T06:54:34.806Z [INFO] server: Finished unary gRPC call: grpc.method=/v1alpha1.CSIDriverProvider/Mount grpc.time=76.920018ms grpc.code=OK err=<nil>
kind: SecretProviderClass
metadata:
  name: vault-database
spec:
  provider: vault
  secretObjects:
  parameters:
    vaultAddress: "http://vault-nonprod-active.vault-nonprod.svc.cluster.local:8200"
    roleName: "database"
    objects: |
      - objectName: "mypassword"
        secretPath: "kv/data/cmis_devcn"
        secretKey: "accessKey"

kind: Pod
apiVersion: v1
metadata:
  name: webapp
spec:
  serviceAccountName: webapp-sa
  containers:
  - image: nginx
    name: webapp
    volumeMounts:
    - name: secrets-store-inline
      mountPath: "/mnt/mypassword"
      readOnly: true
  volumes:
  - name: secrets-store-inline
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: "vault-database"