Tommy Murphy
https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp/issues/37#issuecomment-678833504 has an example that should work. The `parameters` fields of the `SecretProviderClass` are going to be unique to each individual provider but the part that controls secret syncing to...
`CSIServiceAccountToken` is Alpha in 1.20 (https://github.com/kubernetes/kubernetes/pull/93130)
Blocked on https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/453
Once the driver implements all of the [RequiresRepublish](https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues?q=is%3Aissue+is%3Aopen+label%3Afeature%2Frotation) this provider should be able to assume that every Mount request includes a K8s token for the Pod. In that case the...
Now that https://github.com/kubernetes-sigs/secrets-store-csi-driver/pull/805 is merged, the provider should use the K8s SA token if one is provided. For configurations that use 805 an SA token should always be present in...
This should be possible currently, although we don't have an example of it yet:
```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: app-secrets
spec:
  provider: gcp
  secretObjects:
  - secretName: foosecret
    type:...
```
Thank you for verifying. At a minimum we need to add an integration test + documentation for this. We could also rename `fileName` within the `parameters` to match `objectName`, but...
Hey @wilhelmi, the `SecretProviderClass` above should work. If it does not then I suggest taking a look at the logs of the `csi-secrets-store` daemonset. If you get a message like:...
@wilhelmi Yes, a pod/deployment/etc needs to reference the `SecretProviderClass` in order to sync the secret using the CSI driver.
GKE Autopilot has a number of limitations that make the CSI driver incompatible, from https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#limits:
* Using `hostPath` volumes in write mode is prohibited - this is required for the...