mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-14 18:53:35 +00:00
doc: add example for Tenant ServiceAccount
The ServiceAccount "ceph-csi-vault-sa" is expected to be placed in the Namespace "tenant" so that the provisioner and node-plugin fetch the ServiceAccount from a Namespace where Ceph-CSI is not deployed. Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos
committed by
mergify[bot]
mergify[bot]
parent
8662e01d2c
commit
b700fa43e6
22
examples/kms/vault/tenant-sa.yaml
Normal file
22
examples/kms/vault/tenant-sa.yaml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
#
|
||||
# The ServiceAccount "ceph-csi-vault-sa" should be created in the Namespace of
|
||||
# the tenant that will be creating encrypted PVCs with a "vaulttenantsa" KMS
|
||||
# provider.
|
||||
#
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ceph-csi-vault-sa
|
||||
---
|
||||
#
|
||||
# Each tenant most likely has their own VAULT_BACKEND_PATH or other
|
||||
# configuration options. In this example, the tenant has its own key-value
|
||||
# store at "tenant".
|
||||
#
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ceph-csi-kms-config
|
||||
data:
|
||||
vaultBackendPath: tenant
|
||||
Reference in New Issue
Block a user