AWS Secrets Manager and Config Provider for Secret Store CSI Driver allows you to get secret contents stored in AWS Key Management Service instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
- This chart installs the secrets-store-csi-driver and the AWS Secrets Manager and Config Provider for Secret Store CSI Driver
helm repo add eks https://aws.github.io/eks-charts
helm install eks/csi-secrets-store-provider-aws --generate-name --namespace kube-system
Follow the Usage guide.
The following table lists the configurable parameters of the csi-secrets-store-provider-aws chart and their default values.
Refer to doc for configurable parameters of the secrets-store-csi-driver chart.
Parameter | Description | Default |
---|---|---|
nameOverride |
String to override the name template with a string | "" |
fullnameOverride |
String to override the fullname template with a string | "" |
imagePullSecrets |
Secrets to be used when pulling images | [] |
image.registry |
Image registry | public.ecr.aws |
image.repository |
Image repository | aws-secrets-manager/secrets-store-csi-driver-provider-aws |
image.pullPolicy |
Image pull policy | IfNotPresent |
image.tag |
Image tag | .Chart.AppVersion |
priorityClassName |
Indicates the importance of a Pod relative to other Pods | "" |
nodeSelector |
Node Selector for the daemonset on nodes | {} |
tolerations |
Tolerations for the daemonset on nodes | [] |
ports |
Liveness and readyness tcp probe port | 8989 |
privileged |
Privileged security context | false |
resources |
Resource limit for provider pods on nodes | requests.cpu: 50m requests.memory: 100Mi limits.cpu: 50m limits.memory: 100Mi |
podLabels |
Additional pod labels | {} |
podAnnotations |
Additional pod annotations | {} |
updateStrategy |
Configure a custom update strategy for the daemonset on nodes | RollingUpdate |
secrets-store-csi-driver.install |
Secrets Store CSI Driver chart install | true |
rbac.install |
Install default service account | true |
rbac.pspEnabled |
Pod Security Pods | false |
rbac.serviceAccount.name |
Service account to be used. If not set and serviceAccount.create is true a name is generated using the fullname template. |