| Red Hat Cloud Experts Documentation

Last edited: September 28, 2023

This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.

Installing the Kubernetes Secret Store CSI

Create an OpenShift Project to deploy the CSI into
```
oc new-project k8s-secrets-store-csi
```

Set SecurityContextConstraints to allow the CSI driver to run (otherwise the DaemonSet will not be able to create Pods)

oc adm policy add-scc-to-user privileged \
  system:serviceaccount:k8s-secrets-store-csi:secrets-store-csi-driver

Add the Secrets Store CSI Driver to your Helm Repositories

helm repo add secrets-store-csi-driver \
  https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts

Update your Helm Repositories
```
helm repo update
```

Install the secrets store csi driver

helm install -n k8s-secrets-store-csi csi-secrets-store \
  secrets-store-csi-driver/secrets-store-csi-driver \
  --version v1.3.2 \
  --set "linux.providersDir=/var/run/secrets-store-csi-providers"

Check that the Daemonsets is running

oc -n k8s-secrets-store-csi get pods -l "app=secrets-store-csi-driver"

You should see the following

NAME                                               READY   STATUS    RESTARTS   AGE
csi-secrets-store-secrets-store-csi-driver-cl7dv   3/3     Running   0          57s
csi-secrets-store-secrets-store-csi-driver-gbz27   3/3     Running   0          57s

Add pod security profile label for CSI Driver

This is required starting in OpenShift v4.13

oc label csidriver/secrets-store.csi.k8s.io security.openshift.io/csi-ephemeral-volume-profile=restricted

Installing the Kubernetes Secret Store CSI

Interested in contributing to these docs?

Products

Tools

Try, buy & sell

Communicate

About Red Hat

Subscribe to our newsletter, Red Hat Shares

Red Hat legal and privacy links

Red Hat legal and privacy links