I am using the SecretProviderClass below. It creates the secret and loads it as an env in the pod, but the format is not correct.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: pp-dev-pp-webapp
  namespace: pp-dev
spec:
  provider: aws
  secretObjects:
    - secretName: csi-secret-newrelic
      type: Opaque
      data:
        - key: NEW_RELIC_LICENSE_KEY
          objectName: NEW_RELIC_LICENSE_KEY
  parameters:
    objects: |
      - objectName: "arn:aws:secretsmanager:us-east-1:1xxxxxx:secret:xxxxxxxx"
        objectAlias: "NEW_RELIC_LICENSE_KEY"
        objectType: "secretsmanager"
..
..
..
volumes:
  - name: pod-webapp
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: "pp-dev-pp-webapp"
containers:
  - name: {{ include "helm.name" . }}
    image: {{ .Values.imageRepository }}/{{ .Values.imageName }}:{{ .Values.imageTag }}
    imagePullPolicy: {{ .Values.imagePullPolicy }}
    volumeMounts:
      - name: pod-webapp
        mountPath: "/mnt"
        readOnly: true
    env:
      - name: test_name
        valueFrom:
          secretKeyRef:
            name: csi-secret-newrelic
            key: NEW_RELIC_LICENSE_KEY
..
..
..
The env is loading in the format below:
test_name={"NEW_RELIC_LICENSE_KEY":"xxxxxxxxxxxxxxxx"}
but it should be in the format:
NEW_RELIC_LICENSE_KEY":"xxxxxxxxxxxxxxxx
I tried editing the secretstoredriver and deployment by commenting out the test_name reference, but it did not help.
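
One way to sync only the value rather than the whole JSON document, as an added example that is not part of the original post: the AWS provider's `jmesPath` field extracts a single key from a JSON secret and exposes it under its own alias, which `secretObjects` can then reference. The alias `newrelic-raw` is a made-up name; the JSON key name is taken from the env output shown above, and the ARN is the post's own placeholder.

```yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: pp-dev-pp-webapp
  namespace: pp-dev
spec:
  provider: aws
  secretObjects:
    - secretName: csi-secret-newrelic
      type: Opaque
      data:
        - key: NEW_RELIC_LICENSE_KEY
          # Refers to the jmesPath alias below, not to the raw JSON object,
          # so the synced Secret holds only the extracted value.
          objectName: NEW_RELIC_LICENSE_KEY
  parameters:
    objects: |
      - objectName: "arn:aws:secretsmanager:us-east-1:1xxxxxx:secret:xxxxxxxx"
        objectType: "secretsmanager"
        # Hypothetical alias for the full JSON document; it is still mounted
        # as a file under /mnt, so it must not share a name with the key below.
        objectAlias: "newrelic-raw"
        jmesPath:
          # path is a JMESPath expression evaluated against the secret's JSON,
          # here {"NEW_RELIC_LICENSE_KEY":"..."} as shown in the env output.
          - path: "NEW_RELIC_LICENSE_KEY"
            objectAlias: "NEW_RELIC_LICENSE_KEY"
```

The pod spec stays as it is: the CSI volume must remain mounted for the Secret to be synced, and the `secretKeyRef` keeps pointing at `csi-secret-newrelic` / `NEW_RELIC_LICENSE_KEY`.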