New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secret CSI AWS Provider not working on Node with Taint. #1564

Open

comicrr opened this issue Jun 25, 2024 · 0 comments

Labels

kind/bug

comicrr commented Jun 25, 2024

What steps did you take and what happened:

I am using the AWS Provider in SecretProviderClass to create secrets for my pods.

In Environment A, the nodes have no taints.
In Environment B, the nodes have the following taint: node.kubernetes.io/dedicated-for-load-test=true.
In Environment A, everything works perfectly.
In Environment B, the Secret CSI pods display the error: Failed to fetch secret from all regions: arn:aws:secretsmanager::㊙️-.

2024-06-25_15-31-18

Initially, I thought the Secret CSI pods were not scheduled due to the taint. However, they were successfully spawned on each tainted node:

csi-secrets-store-provider-aws-stvgz
secrets-store-csi-driver-qf5pb

2024-06-25_15-29-12

What did you expect to happen:

The Secret CSI should work even on nodes with taints.

Which provider are you using:

AWS Provider

Environment:

Secrets Store CSI Driver version: (use the image tag):
- csi-secrets-store-provider-aws-stvgz : public.ecr.aws/aws-secrets-manager/secrets-store-csi-driver-provider-aws:1.0.r2-35-g41dc61e-2022.12.16.20.38
- secrets-store-csi-driver-qf5pb : registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0
Kubernetes version: (use kubectl version):
- Client = v1.27.8
- Server = v1.28.9-eks-036c24b

The text was updated successfully, but these errors were encountered:

comicrr added the kind/bug label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment