Controller Helm Chart

Azure Key Vault Controller reference

This chart will install a Kubernetes controller and a Custom Resource Definition (AzureKeyVaultSecret), that together enable secrets from Azure Key Vault to be stored as Kubernetes native Secret resources.

For more information see the main GitHub repository at https://github.com/SparebankenVest/azure-key-vault-to-kubernetes.

Note about installing both Azure Key Vault Controller AND Azure Key Vault Env Injector

If installing both the Controller and the Env Injector, they share the same Custom Resource Definition (CRD), so only one of them can install it. Set installCrd to false for either this Chart or the Env Injector Chart.

Installing the Chart

helm repo add spv-charts http://charts.spvapi.no
helm repo update
helm install spv-charts/azure-key-vault-controller \
  --namespace akv2k8s

Installation of both Controller and env-injector

helm install spv-charts/azure-key-vault-controller \
  --namespace akv2k8s
helm install spv-charts/azure-key-vault-env-injector \
  --set installCrd=false  --namespace akv2k8s

We set installCrd=false on the last helm chart we install, or else the second install (injector in this case) will fail when the CRD already exists.

Using custom authentication

helm install spv-charts/azure-key-vault-env-injector \
  --set keyVault.customAuth.enabled=true \
  --set env.AZURE_TENANT_ID=... \
  --set env.AZURE_CLIENT_ID=... \
  --set env.AZURE_CLIENT_SECRET=...


The following table lists configurable parameters of the azure-key-vault-controller chart and their default values.

envaditional env vars to send to pod{}
image.repositoryimage repo that contains the controller imagespvest/azure-keyvault-controller
image.tagimage tag1.0.2
installCrdinstall custom resource definitiontrue
keyVault.customAuth.enabledif custom auth is enabledfalse
keyVault.customAuth.podIdentitySelectorif using aad-pod-identity, which selector to reference""
keyVault.polling.normalIntervalinterval to wait before polling azure key vault for secret updates1m
keyVault.polling.failureIntervalinterval to wait when polling has failed failureAttempts before polling azure key vault for secret updates5m
keyVault.polling.failureAttemptsnumber of times to allow secret updates to fail before applying failureInterval5
logLevellog levelinfo
Edit on GitHub