mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-13 10:33:35 +00:00
util: allow tenants to (re)configure VaultTokens settings
A tenant can place a ConfigMap in their Kubernetes Namespace with configuration options that differ from the global (by the Storage Admin set) values. The ConfigMap needs to be located in the Tenants namespace, as described in the documentation See-also: docs/design/proposals/encryption-with-vault-tokens.md Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos
committed by
mergify[bot]
mergify[bot]
parent
81061e9f68
commit
e4b16a5c72
12
examples/kms/vault/tenant-config.yaml
Normal file
12
examples/kms/vault/tenant-config.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
# This is an optional (re)configuration of the connection to the Vault
|
||||
# Service that can be created in a Kubernetes Namespace for a Tenant.
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ceph-csi-kms-config
|
||||
data:
|
||||
vaultAddress: "http://vault.default.svc.cluster.local:8200"
|
||||
vaultBackendPath: "secret/"
|
||||
vaultTLSServerName: "vault.default.svc.cluster.local"
|
||||
vaultCAVerify: "false"
|
||||
Reference in New Issue
Block a user