rbd: add kmip encryption type

The Key Management Interoperability Protocol (KMIP)
is an extensible communication protocol
that defines message formats for the manipulation
of cryptographic keys on a key management server.
Ceph-CSI can now be configured to connect to
various KMS using KMIP for encrypting RBD volumes.

https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol

Signed-off-by: Rakshith R <rar@redhat.com>

examples/kms/vault/csi-kms-connection-details.yaml

@@ -74,5 +74,14 @@ data:
       "encryptionKMSType": "aws-sts-metadata",
       "secretName": "ceph-csi-aws-credentials"
     }
+  kmip-test: |-
+    {
+      "KMS_PROVIDER": "kmip",
+      "KMIP_ENDPOINT": "kmip:5696",
+      "KMIP_SECRET_NAME": "ceph-csi-kmip-credentials",
+      "TLS_SERVER_NAME": "kmip.ciphertrustmanager.local",
+      "READ_TIMEOUT": 10,
+      "WRITE_TIMEOUT": 10
+    }
 metadata:
   name: csi-kms-connection-details

examples/kms/vault/kmip-credentials.yaml

@@ -0,0 +1,13 @@
+---
+# This is an example Kubernetes Secret that can be created in the Kubernetes
+# Namespace where Ceph-CSI is deployed. The contents of this Secret will be
+# used to connect to the KMS using KMIP.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ceph-csi-kmip-credentials
+stringData:
+  CA_CERT: ""
+  CLIENT_CERT: ""
+  CLIENT_KEY: ""
+  UNIQUE_IDENTIFIER: ""

examples/kms/vault/kms-config.yaml

@@ -100,6 +100,14 @@ data:
       "aws-sts-metadata-test": {
         "encryptionKMSType": "aws-sts-metadata",
         "secretName": "ceph-csi-aws-credentials"
+      },
+     "kmip-test": {
+        "KMS_PROVIDER": "kmip",
+        "KMIP_ENDPOINT": "kmip:5696",
+        "KMIP_SECRET_NAME": "ceph-csi-kmip-credentials",
+        "TLS_SERVER_NAME": "kmip.ciphertrustmanager.local",
+        "READ_TIMEOUT": 10,
+        "WRITE_TIMEOUT": 10
       }
     }
 metadata: