An operator to deploy the Secrets Store CSI Driver.
To build and run the operator locally:
# Create only the resources the operator needs to run via CLI
oc apply -f - <<EOF
apiVersion: operator.openshift.io/v1
kind: ClusterCSIDriver
metadata:
name: secrets-store.csi.k8s.io
spec:
logLevel: Normal
managementState: Managed
operatorLogLevel: Trace
EOF
# Build the operator
make
# Set the environment variables
export OPERATOR_NAME=secrets-store-csi-driver-operator
export DRIVER_IMAGE=registry.k8s.io/csi-secrets-store/driver:v1.3.3
export NODE_DRIVER_REGISTRAR_IMAGE=quay.io/openshift/origin-csi-node-driver-registrar:latest
export LIVENESS_PROBE_IMAGE=quay.io/openshift/origin-csi-livenessprobe:latest
# Run the operator via CLI
./secrets-store-csi-driver-operator start --kubeconfig $KUBECONFIG --namespace openshift-cluster-csi-driversTo build bundle and index images, use the hack/create-bundle script:
cd hack
./create-bundle registry.ci.openshift.org/ocp/4.18:secrets-store-csi-driver registry.ci.openshift.org/ocp/4.18:secrets-store-csi-driver-operator quay.io/<my_user>/secrets-store-bundle quay.io/<my_user>/secrets-store-indexAt the end it will print a command that creates Subscription for the newly created index image.
The must-gather image for secrets-store-csi-driver-operator supplements the openshift/must-gather image to gather Secrets Store related resources.
oc adm must-gather --image=quay.io/openshift/origin-secrets-store-csi-mustgather:latestThis command creates a must-gather containing:
- Logs and resources in the operator namespace (
openshift-cluster-csi-drivers) SecretProviderClassandSecretProviderClassPodStatusobjectsClusterCSIDriverandCSIDriverobjects
To build the must-gather image locally:
REPO=quay.io/<user>/secrets-store-csi-mustgather:latest
docker build -t ${REPO} -f Dockerfile.mustgather .