Vault CSI Provisioner w/ Auth Path



I am trying to configure the CSI provisioner. We’re using Kubernetes auth as suggested, but since we have multiple clusters I have to provide an auth path for the Kubernetes auth. I see that the injector has a parameter in the Helm chart for this, but the CSI provisioner does not. How can I tell the CSI provisioner which Kubernetes auth path to use in Vault?

Hi! There are a couple of options:

  • Specify a default kubernetes auth path using a command line flag -vault-mount (requires v0.3.0+), and configure that using csi.extraArgs in the helm chart.
  • Specify a kubernetes auth path in every SecretProviderClass object you create. You’ll need this if you want to use multiple Vault auth paths from within the same cluster, otherwise, I’d recommend the first option.

I hope that helps!