provider-sql
provider-sql copied to clipboard
Support for secrets provided via Secrets Store CSI Driver
What problem are you facing?
Currently, MySQLConnectionSecret
expects a Secret
object as per:
kubectl create secret generic db-conn \
--from-literal=username=admin \
--from-literal=password='t0ps3cr3t' \
--from-literal=endpoint=my.sql-server.com \
--from-literal=port=3306
This implies that users need permissions to run kubectl create secret
in the cluster.
In CI/CD pipelines where users have no permissions to run kubectl
commands (and all code is persisted in repositories), the ability to inject secrets in the cluster via https://secrets-store-csi-driver.sigs.k8s.io/introduction.html is ideal. This is particularly useful in the context of Cloud environments where secrets are created in Secret Manager tools like GCP's Secret Manager.
How could Crossplane help solve your problem?
provider-sql
could support secrets mounted via secrets-store-csi-driver
.