Channel: Recent Questions - Stack Overflow

Env variable from AWS Secrets Manager in Kubernetes


In EKS I am trying to use SecretProviderClass to provide secrets as environment variables to containers. I can see the secret mounted inside the container but no combination of key/names is allowing me to use it as an environment variable. Inside the container I can `cat /mnt/secrets-store/awscredentials` and see the output:

{"accesskey":"ABCDE12345","secretkey":"a/long/redacted5tring"}

My SecretProviderClass is below:

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: aws-secrets
  namespace: default
spec:
  provider: aws
  parameters:
    objects: |
        - objectName: "path/to/service/awscredentials"
          objectType: secretsmanager
          objectAlias: awscredentials
  secretObjects:
  - secretName: awscredentials
    type: Opaque
    data:
    - objectName: accesskeyalias
      key: accesskey
    - objectName: secretkeyalias
      key: secretkey
```

and my deployment:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myservice
  labels:
    team: devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myservice
  template:
    metadata:
      labels:
        app: myservice
    spec:
      serviceAccountName: myservice
      volumes:
      - name: secrets-store-inline
        csi:
          driver: secrets-store.csi.k8s.io
          readOnly: true
          volumeAttributes:
            secretProviderClass: "aws-secrets"
      containers:
      - name: myservice
        image: someimage:2
        volumeMounts:
        - name: secrets-store-inline
          mountPath: "/mnt/secrets-store"
          readOnly: true
        env:
        - name: AWS_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: awscredentials
              key: accesskey
```

When I run the deployment without reference to the SecretKeyRef the container runs and I can see the secret under /mnt/secrets-store/awscredentials. However, trying to set the environment variable results in the pod stuck in Pending state and the message:

Error: secret "awscredentials" not found

I reckon I have mixed up the name and keys somewhere but I've spent hours trying every combination I can think of. What am I missing?
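A consistency check for the configuration above, added here as an example and not part of the original question: it lists every `secretObjects` entry whose `objectName` does not name a file the provider mounts, then shows the same spec with `jmesPath` entries that expose each JSON field as its own file. The function names are hypothetical, the `objects` string is assumed to be already parsed by a YAML loader, and the JSON field names are assumed to equal the `key` values, as in the question's output.

```python
import copy

# Constructed input: the SecretProviderClass spec from the question, with the
# `objects` string already parsed into a list (assumption).
SPEC = {
    "objects": [
        {"objectName": "path/to/service/awscredentials",
         "objectType": "secretsmanager",
         "objectAlias": "awscredentials"},
    ],
    "secretObjects": [
        {"secretName": "awscredentials", "type": "Opaque",
         "data": [
             {"objectName": "accesskeyalias", "key": "accesskey"},
             {"objectName": "secretkeyalias", "key": "secretkey"},
         ]},
    ],
}

def mounted_names(objects):
    """File names written under the mount path: alias or name, plus jmesPath aliases."""
    names = set()
    for obj in objects:
        names.add(obj.get("objectAlias") or obj["objectName"])
        for field in obj.get("jmesPath", []):
            names.add(field["objectAlias"])
    return names

def unresolved_refs(spec):
    """(secretName, key, objectName) for each secretObjects entry naming no mounted file."""
    available = mounted_names(spec["objects"])
    return [(s["secretName"], d["key"], d["objectName"])
            for s in spec.get("secretObjects", [])
            for d in s.get("data", [])
            if d["objectName"] not in available]

def with_jmespath(spec):
    """Copy of spec whose first object also exposes each JSON field as its own file.
    Assumes each secretObjects `key` equals the JSON field name in the secret."""
    fixed = copy.deepcopy(spec)
    fixed["objects"][0]["jmesPath"] = [
        {"path": d["key"], "objectAlias": d["objectName"]}
        for d in spec["secretObjects"][0]["data"]]
    return fixed
```

The check covers name resolution only. The Kubernetes Secret is also created only when the driver's secret sync feature is enabled (`syncSecret.enabled=true` in its Helm chart) and a pod mounts the volume.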

