mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-22 22:30:23 +00:00
doc: add configuration example for Amazon KMS
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
parent
e1f8b1d44a
commit
f172e6956b
13
examples/kms/vault/aws-credentials.yaml
Normal file
13
examples/kms/vault/aws-credentials.yaml
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
# This is an example Kubernetes Secret that can be created in the Kubernetes
|
||||||
|
# Namespace where Ceph-CSI is deployed. The contents of this Secret will be
|
||||||
|
# used to connect to the Amazon KMS.
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: ceph-csi-aws-credentials
|
||||||
|
stringData:
|
||||||
|
AWS_ACCESS_KEY_ID: "AKIAIOSFODNN7EXAMPLE"
|
||||||
|
AWS_SECRET_ACCESS_KEY: "JalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY"
|
||||||
|
AWS_SESSION_TOKEN: ""
|
||||||
|
AWS_CMK_ARN: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
@ -35,5 +35,11 @@ data:
|
|||||||
{
|
{
|
||||||
"encryptionKMSType": "metadata"
|
"encryptionKMSType": "metadata"
|
||||||
}
|
}
|
||||||
|
aws-metadata-test: |-
|
||||||
|
{
|
||||||
|
"KMS_PROVIDER": "aws-metadata",
|
||||||
|
"KMS_SECRET_NAME": "ceph-csi-aws-credentials",
|
||||||
|
"AWS_REGION": "us-west-2"
|
||||||
|
}
|
||||||
metadata:
|
metadata:
|
||||||
name: csi-kms-connection-details
|
name: csi-kms-connection-details
|
||||||
|
Loading…
Reference in New Issue
Block a user