provider-sql

Support for secrets provided via Secrets Store CSI Driver

Open guilledipa opened this issue 1 year ago • 3 comments

What problem are you facing?

Currently, MySQLConnectionSecret expects a Secret object as per:

kubectl create secret generic db-conn \
  --from-literal=username=admin \
  --from-literal=password='t0ps3cr3t' \
  --from-literal=endpoint=my.sql-server.com \
  --from-literal=port=3306

This implies that users need permissions to run kubectl create secret in the cluster.

In CI/CD pipelines where users have no permissions to run kubectl commands (and all code is persisted in repositories), the ability to inject secrets in the cluster via https://secrets-store-csi-driver.sigs.k8s.io/introduction.html is ideal. This is particularly useful in the context of Cloud environments where secrets are created in Secret Manager tools like GCP's Secret Manager.

How could Crossplane help solve your problem?

provider-sql could support secrets mounted via secrets-store-csi-driver.

guilledipa, Nov 03 '22 05:11