Add Azure provider for secrets store

bin/update.sh

@@ -36,6 +36,9 @@ for i in do-block-storage-StorageClass.yaml do-block-storage-VolumeSnapshotClass
 done
 rm -fr files/digitalocean.old
 
+if [ ! -d files/secrets-provider-gopass ]; then mkdir files/secrets-provider-gopass; fi
+wget https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass/raw/master/deployment/provider-gopass-installer.yaml && \
+  \mv provider-gopass-installer.yaml files/secrets-provider-gopass/
 
 
 #https://github.com/scaleway/scaleway-csi

files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml

@@ -5,7 +5,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: external-attacher-runner
+  name: external-attacher-role
 subjects:
 - kind: ServiceAccount
   name: csi-controller-sa

files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml

@@ -5,7 +5,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: external-provisioner-runner
+  name: external-provisioner-role
 subjects:
 - kind: ServiceAccount
   name: csi-controller-sa

files/linode/csi-controller-resizer-binding-ClusterRoleBinding.yaml

@@ -5,7 +5,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: external-resizer-runner
+  name: external-resizer-role
 subjects:
 - kind: ServiceAccount
   name: csi-controller-sa

files/linode/csi-linode-controller-StatefulSet.yaml

@@ -78,7 +78,7 @@ spec:
             secretKeyRef:
               key: token
               name: linode
-        image: linode/linode-blockstorage-csi-driver:v0.4.0
+        image: linode/linode-blockstorage-csi-driver:v0.4.1
         imagePullPolicy: Always
         name: linode-csi-plugin
         volumeMounts:

files/linode/csi-linode-node-DaemonSet.yaml

@@ -56,7 +56,7 @@ spec:
             secretKeyRef:
               key: token
               name: linode
-        image: linode/linode-blockstorage-csi-driver:v0.4.0
+        image: linode/linode-blockstorage-csi-driver:v0.4.1
         imagePullPolicy: Always
         name: csi-linode-plugin
         securityContext:
@@ -94,6 +94,13 @@ spec:
         - mountPath: /scripts
           name: get-linode-id
       serviceAccount: csi-node-sa
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
       volumes:
       - emptyDir: {}
         name: linode-info

files/secrets-provider-gopass/provider-gopass-installer.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app: csi-secrets-store-provider-gopass
+  name: csi-secrets-store-provider-gopass
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: csi-secrets-store-provider-gopass
+  template:
+    metadata:
+      labels:
+        app: csi-secrets-store-provider-gopass
+    spec:
+      tolerations:
+      containers:
+        - name: provider-gopass-installer
+          image: camptocamp/secrets-store-csi-driver-provider-gopass:0.0.1
+          imagePullPolicy: Always
+          resources:
+            requests:
+              cpu: 50m
+              memory: 100Mi
+            limits:
+              cpu: 50m
+              memory: 100Mi
+          env:
+            # set TARGET_DIR env var and mount the same directory to to the container
+            - name: TARGET_DIR
+              value: "/etc/kubernetes/secrets-store-csi-providers"
+          volumeMounts:
+            - mountPath: "/etc/kubernetes/secrets-store-csi-providers"
+              name: providervol
+      volumes:
+        - name: providervol
+          hostPath:
+              path: "/etc/kubernetes/secrets-store-csi-providers"
+      nodeSelector:
+        beta.kubernetes.io/os: linux

tasks/secrets-store.yml

@@ -17,19 +17,43 @@
   - name: Defined Secrets Store repository
     kubernetes.core.helm_repository:
       name: secrets-store-csi-driver
-      repo_url: "https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts"
+      repo_url: "https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts"
 
   - name: Deploy Secrets Store chart
     kubernetes.core.helm:
       context: "{{ my_context }}"
       state: "{{ storage_secrets_store_state }}"
       name: csi-secrets-store
+      namespace: "kube-system"
       chart_ref: secrets-store-csi-driver/secrets-store-csi-driver
 
+  # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
+  - name: Deploy Secrets Store CSI driver provider gopass
+    kubernetes.core.k8s:
+      state: "{{ storage_secrets_store_state }}"
+      context: "{{ my_context }}"
+      namespace: "kube-system"
+      apply: true
+      resource_definition: "{{ lookup('file', 'secrets-provider-gopass/provider-gopass-installer.yaml') | from_yaml }}"
+
+  # https://github.com/Azure/secrets-store-csi-driver-provider-azure
+  - name: Deploy Secrets Store CSI driver provider azure
+    kubernetes.core.helm_repository:
+      name: csi-secrets-store-provider-azure
+      repo_url: "https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts"
+  - name: Deploy Secrets Store chart
+    kubernetes.core.helm:
+      context: "{{ my_context }}"
+      state: "{{ storage_secrets_store_state }}"
+      name: csi-secrets-store-provider-azure
+      namespace: "kube-system"
+      chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
+      values:
+        secrets-store-csi-driver:
+          install: false
+
   tags:
     - storage
     - secrets-store
 
-# https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
 # https://github.com/hashicorp/vault-csi-provider
-# https://github.com/Azure/secrets-store-csi-driver-provider-azure