helm: support encryption config in ceph-csi-cephfs chart

This chart currently lacks the ability to properly configure encryption,
and does not grant sufficient permissions for the controllers to access
secrets when needed.

Signed-off-by: Antoine C <hi@acolombier.dev>
Antoine C
2024-04-01 23:49:57 +01:00
committed by mergify[bot]
parent dc4ca2015e
commit cc407d157e
8 changed files with 120 additions and 0 deletions


@ -31,6 +31,20 @@ serviceAccounts:
# radosNamespace: "csi"
csiConfig: []
# Configuration for the encryption KMS
# yamllint disable-line rule:line-length
# Ref: https://github.com/ceph/ceph-csi/blob/devel/docs/deploy-cephfs.md#cephfs-volume-encryption
# Example:
# encryptionKMSConfig:
# encryptionKMSType: vault
# vaultAddress: https://vault.example.com
# vaultAuthPath: /v1/auth/kubernetes/login
# vaultRole: csi-kubernetes
# vaultPassphraseRoot: /v1/secret
# vaultPassphrasePath: ceph-csi/
# vaultCAVerify: "true"
encryptionKMSConfig: {}
# Labels to apply to all resources
commonLabels: {}
@ -329,6 +343,18 @@ storageClass:
# If omitted, defaults to "csi-vol-".
# volumeNamePrefix: "foo-bar-"
volumeNamePrefix: ""
# (optional) Instruct the plugin it has to encrypt the volume
# By default it is disabled. Valid values are "true" or "false".
# A string is expected here, i.e. "true", not true.
# encrypted: "true"
encrypted: ""
# (optional) Use external key management system for encryption passphrases by
# specifying a unique ID matching KMS ConfigMap. The ID is only used for
# correlation to configmap entry.
encryptionKMSID: ""
# The secrets have to contain user and/or Ceph admin credentials.
provisionerSecret: csi-cephfs-secret
# If the Namespaces are not specified, the secrets are assumed to
@ -400,6 +426,8 @@ configMapName: ceph-csi-config
externallyManagedConfigmap: false
# Name of the configmap used for ceph.conf
cephConfConfigMapName: ceph-config
# Name of the configmap used for encryption kms configuration
kmsConfigMapName: ceph-csi-encryption-kms-config
# CephFS RadosNamespace used to store CSI specific objects and keys.
# radosNamespaceCephFS: csi
# Unique ID distinguishing this instance of Ceph CSI among other instances,
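Review bot: The `encryptionKMSConfig` example in the first hunk lists `encryptionKMSType`, `vaultAddress` and the other settings directly under the key, while the `encryptionKMSID` comment in the second hunk says the ID must match an entry in the KMS ConfigMap. As rendered here (indentation is lost) no ID key appears in the example, so a reader cannot tell what `encryptionKMSID` is supposed to match. If the ConfigMap is keyed by ID, the example should show that level, e.g. `#   <kms-id>:  # placeholder, same value as storageClass.encryptionKMSID` above `encryptionKMSType`. The `encrypted` comment should also state which passphrase source is used when `encrypted` is "true" and `encryptionKMSID` is left empty, since that decides where the volume key material is kept. The secret access that the commit message mentions is granted in files outside this section, so it is not reviewed here.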