0

In my AWS EKS Cluster, I need to access a secret in my AWS SecretManager. To that end, I'm trying to apply a SecretProviderClass that looks like:

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
    name: nginx-irsa-deployment-aws-secrets
    spec:
        provider: aws
        parameters:
        objects: |
            - objectName: "***"
              objectType: "secretsmanager"

but receive the error:

error: resource mapping not found for name: "nginx-irsa-deployment-aws-secrets" namespace: "" from "ProviderClass.yaml": no matches for kind "SecretProviderClass" in version "secrets-store.csi.x-k8s.io/v1"
ensure CRDs are installed first

Following this guide (https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_ascp_irsa.html) I have determined that the SecretProviderClass CRD isn't installed.

~ $ kubectl get crd
NAME                                         CREATED AT
cninodes.eks.amazonaws.com                   2025-04-15T19:33:48Z
cninodes.vpcresources.k8s.aws                2025-04-15T19:29:56Z
ingressclassparams.eks.amazonaws.com         2025-04-15T19:33:48Z
nodeclaims.karpenter.sh                      2025-04-15T19:33:36Z
nodeclasses.eks.amazonaws.com                2025-04-15T19:33:36Z
nodediagnostics.eks.amazonaws.com            2025-04-15T19:33:36Z
nodepools.karpenter.sh                       2025-04-15T19:33:36Z
policyendpoints.networking.k8s.aws           2025-04-15T19:29:56Z
securitygrouppolicies.vpcresources.k8s.aws   2025-04-15T19:29:56Z
targetgroupbindings.eks.amazonaws.com        2025-04-15T19:33:48Z

When I try to manually install the CRD using

kubectl get crd secretproviderclasses.secrets-store.csi.x-k8s.io

I get the error:

Error from server (NotFound): customresourcedefinitions.apiextensions.k8s.io "secretproviderclasses.secrets-store.csi.x-k8s.io" not found

Can someone help me understand how I can install the CRD?

idbentley
  • 113

1 Answers1

0

A bit of sleep and a more careful reading of the docs makes it clear that kbutctl get crd only gives information on the already installed crds.

To install the crd, I needed to look at the installation guide 1 to find the appropriate helm commands:

helm repo add secrets-store-csi-driver https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
helm install csi-secrets-store secrets-store-csi-driver/secrets-store-csi-driver --namespace kube-system
idbentley
  • 113