Git Product home page Git Product logo

Comments (6)

enj avatar enj commented on August 16, 2024

Linking the slack thread here for future reference.

from secrets-store-csi-driver-provider-azure.

enj avatar enj commented on August 16, 2024

Writing down recommendations from the slack thread:

  • Use the upcoming secret sync controller to have full offline support (i.e. tolerate any form of failure, not just one AKV region having an issue)
  • Write a generic provider that can multiplex across N providers (which could be different types altogether)
  • Work with sig-storage folks to expand CSI drivers to support optional volume mounts so that N providers can be used to provide the same secrets

from secrets-store-csi-driver-provider-azure.

JorTurFer avatar JorTurFer commented on August 16, 2024

This is the slack thread in sig-storage.

I'd like to respectfuly say, all the options seem as: "do it from your side or go to another place".
It is a fact that the component isn't resilient to any kind of disruption, which can be a no-go for productive scenarios.

Not storing the secrets in k8s API is the main reason for using the csi. Storing the secrets in k8s API instead of a fallback/failover/justanothercall it's already managed by other 3rd parties and it's quite less secure than using CSI.

from secrets-store-csi-driver-provider-azure.

JorTurFer avatar JorTurFer commented on August 16, 2024

Hi again ✋ !
I've presented the topic in the SIG-Storage meeting (Jan 25th) where there's been a SIG lead and the conclusion from the SIG is that it's the CSI-drive (this component) who has to handle the failures and high availability features as making the volume optional, only moves the problem from the k8s layer to the application layer.

Is it now something open to discuss or doing it by myself the only option that's left?

Currently, the component isn't resilient to Azure Key Vault failures and it's a single point of failure indeed, which is a problem at least for us (and that's why we are willing to contribute with this)

from secrets-store-csi-driver-provider-azure.

JorTurFer avatar JorTurFer commented on August 16, 2024

Hello @enj !
Is there any update realted with this?

from secrets-store-csi-driver-provider-azure.

JorTurFer avatar JorTurFer commented on August 16, 2024

Hello @enj !
Have you had an opportunity to see this by chance?

from secrets-store-csi-driver-provider-azure.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.