doc: add configuration example for Amazon KMS

Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos 2021-03-24 18:04:33 +01:00 committed by mergify[bot]
parent e1f8b1d44a
commit f172e6956b
2 changed files with 19 additions and 0 deletions

View File

@ -0,0 +1,13 @@
---
# This is an example Kubernetes Secret that can be created in the Kubernetes
# Namespace where Ceph-CSI is deployed. The contents of this Secret will be
# used to connect to the Amazon KMS.
apiVersion: v1
kind: Secret
metadata:
name: ceph-csi-aws-credentials
stringData:
AWS_ACCESS_KEY_ID: "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY: "JalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY"
AWS_SESSION_TOKEN: ""
AWS_CMK_ARN: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"

View File

@ -35,5 +35,11 @@ data:
{
"encryptionKMSType": "metadata"
}
aws-metadata-test: |-
{
"KMS_PROVIDER": "aws-metadata",
"KMS_SECRET_NAME": "ceph-csi-aws-credentials",
"AWS_REGION": "us-west-2"
}
metadata:
name: csi-kms-connection-details