No way to define affinity for the "upstream Secrets Store CSI Driver" in EKS Add-on

[maksym-iv-ef]

There seems to be no way to define affinity for the "upstream Secrets Store CSI Driver" when installed as EKS Add-on. The consequences of it is pretty simple, yet not very convenient, if EKS has some pods running within Fargate, the secrets-store-csi-driver will fail to schedule on the Fargate nodes and missing affinity config leaves no method to prevent pods from schduling on the Fargate nodes

To Reproduce

1. Create thge EKS cluster
2. Provision any workload on EKS Fargate
3. Addon DS pods fails to schedule on the AWS Fargate

Do you also notice this bug when using a different secrets store provider (Vault/Azure/GCP...)? Yes/No

No

Expected behavior

Ability to define affinity for secrets-store-csi-driver

Environment:

• EKS K8s 1.35
• Add-on version v2.2.2-eksbuild.1

• I am able to reproduce this issue on the latest version of the CSI driver and AWS providers.

Additional context
Add any other context about the problem here.

[simonmarty]

Looks like we might have to expand

https://github.com/kubernetes-sigs/secrets-store-csi-driver/blame/main/charts/secrets-store-csi-driver/values.yaml#L27-L36

to add

            - key: "eks.amazonaws.com/compute-type"
              operator: NotIn
              values:
              - fargate

in our Helm chart values.yml for the driver.