secrets-store-csi-driver-provider-azure: Not able to mount EC Key in application pod

Hi, when I am trying to deploy my app, I wish to mount an “Elliptic Curve” Key in the application pod. But I am getting this error for that:

Events:
  Type     Reason       Age   From                                        Message
  ----     ------       ----  ----                                        -------
  Normal   Scheduled    40s   default-scheduler                           Successfully assigned default/certs-store to aks-agentpool-19909641-vmss000001
  Warning  FailedMount  38s   kubelet, aks-agentpool-19909641-vmss000001  MountVolume.SetUp failed for volume "secrets-store-inline" : kubernetes.io/csi: mounter.SetupAt failed: rpc error: code = Unknown desc = error mounting secret panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x6e4b08]

goroutine 1 [running]:
github.com/Azure/secrets-store-csi-driver-provider-azure/pkg/azure.(*Provider).GetKeyVaultObjectContent(0xc0003b7eb8, 0x831620, 0xc00001a018, 0xc00001ab88, 0x3, 0xc00001ab50, 0xc, 0x0, 0x0, 0xc0003eec00, ...)
  /go/src/github.com/Azure/secrets-store-csi-driver-provider-azure/pkg/azure/provider.go:431 +0x13f8
github.com/Azure/secrets-store-csi-driver-provider-azure/pkg/azure.(*Provider).MountSecretsStoreObjectContent(0xc0003b7eb8, 0x831620, 0xc00001a018, 0xc00005f260, 0xc00005f290, 0x7ffc950fdd55, 0x6f, 0xc0000001a4, 0x7b21b9, 0x7)
  /go/src/github.com/Azure/secrets-store-csi-driver-provider-azure/pkg/azure/provider.go:387 +0xa6d
main.main()
  /go/src/github.com/Azure/secrets-store-csi-driver-provider-azure/cmd/main.go:67 +0x42b
  Warning  FailedMount  36s  kubelet, aks-agentpool-19909641-vmss000001  MountVolume.SetUp failed for volume "secrets-store-inline" : kubernetes.io/csi: mounter.SetupAt failed: rpc error: code = Unknown desc = error mounting secret panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x6e4b08]

I was getting some error with the Flex Volume too. I switched my testing to “secrets-store-csi-driver” for that. But again facing a similar issue.

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 27 (13 by maintainers)

Most upvoted comments

@aramase I was able to test out the 0.0.6 release using EC keys. I use the secret and split the cert and private key. Since it’s now in PEM format I don’t need to convert from pfx format first.

Thx for the quality work!

@chintanr97 @bhardwahnitish19 We just cut a new release with all the changes included - https://github.com/Azure/secrets-store-csi-driver-provider-azure/releases/tag/0.0.6. Please try out and let us know if you have any feedback.

@chintanr97 I agree, as we have three options to choose for export, i.e. cert, key & secret. I think it will be great if we can have the following behavior:

  1. Cert: Exports just public key of the certificate in pem format
  2. Key: Exports just private key of the certificate in pem format
  3. Secret: Exports public & private key in pem format

This will really help anyone in future to easily access components of certificates from keyvault and use them the way they need in k8s environment.

Thanks for your quick response, really appreciate your help.

Closing this issue as mounting EC key in application pod is now supported. Please feel free to reopen if there are any questions or concerns.

@chintanr97 ok I’ve got it working now to do what I need.

  1. Upload EC cert to AKV in pfx format
  2. Mount the cert using the secret objectType
  3. Use an init container to split the Private Key and the Cert into two files.

Thanks for this helpful thread!
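
Step 3 of the procedure above, as an added example that is not part of the original thread or the project's code: a POSIX shell function an init container could run to split the mounted secret into a private-key file and a certificate file. It assumes the mounted object is already a PEM bundle (as reported in this thread for the 0.0.6 release); the function names, file paths and sample bundle are hypothetical and constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Names and paths are hypothetical.

# Write a constructed bundle: placeholder bodies, not real key material.
write_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: constructed-sample
-----BEGIN EC PRIVATE KEY-----
Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==
-----END EC PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRi1DRVJU
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSVNTVUVSLUNFUlQ=
-----END CERTIFICATE-----
EOF
}

# split_pem_bundle BUNDLE KEY_OUT CERT_OUT
# Returns 0 on success, 1 if the bundle lacks a key or a certificate, 2 on I/O errors.
split_pem_bundle() {
    bundle=$1; key_out=$2; cert_out=$3
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }

    # Create the key file empty and restrict it before any key bytes are written.
    : > "$key_out" && chmod 600 "$key_out" || return 2
    : > "$cert_out" || return 2

    # Route each PEM block by its BEGIN label; text outside blocks
    # (for example "Bag Attributes" lines) is dropped.
    awk -v key="$key_out" -v cert="$cert_out" '
        /^-----BEGIN [A-Z ]*PRIVATE KEY-----/ { out = key }
        /^-----BEGIN CERTIFICATE-----/        { out = cert }
        out != ""                             { print > out }
        /^-----END /                          { out = "" }
    ' "$bundle" || return 2

    # Fail closed: leave no partial output if either half is missing.
    if ! grep -q -e '-----END [A-Z ]*PRIVATE KEY-----' "$key_out" ||
       ! grep -q -e '-----END CERTIFICATE-----' "$cert_out"; then
        rm -f "$key_out" "$cert_out"
        echo "bundle must contain a private key and a certificate" >&2
        return 1
    fi
}
```

In an init container the two output paths would normally sit on a volume shared with the application container, so the key never has to be written into the image or a persistent disk.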

@chintanr97 @bhardwahnitish19 Thank you for the detailed comments. This is really helpful. We’ll take these into consideration as we make the necessary changes.