mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
util: pass Namespace as part of KMSInitializerArgs
Amazon KMS expects a Secret with sensitive account and key information in the Kubernetes Namespace where the Ceph-CSI Pods are running. It will fetch the contents of the Secret itself. Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos
mergify[bot]
parent
523ac4b975
commit
f3b06d4c4a
@ -204,6 +204,10 @@ type KMSInitializerArgs struct {
|
|||||||
Tenant string
|
Tenant string
|
||||||
Config map[string]interface{}
|
Config map[string]interface{}
|
||||||
Secrets map[string]string
|
Secrets map[string]string
|
||||||
|
// Namespace contains the Kubernetes Namespace where the Ceph-CSI Pods
|
||||||
|
// are running. This is an optional option, and might be unset when the
|
||||||
|
// KMSProvider.Initializer is called.
|
||||||
|
Namespace string
|
||||||
}
|
}
|
||||||
|
|
||||||
// KMSInitializerFunc gets called when the KMSProvider needs to be
|
// KMSInitializerFunc gets called when the KMSProvider needs to be
|
||||||
@ -260,11 +264,18 @@ func (kf *kmsProviderList) buildKMS(tenant string, config map[string]interface{}
|
|||||||
providerName)
|
providerName)
|
||||||
}
|
}
|
||||||
|
|
||||||
return provider.Initializer(KMSInitializerArgs{
|
kmsInitArgs := KMSInitializerArgs{
|
||||||
Tenant: tenant,
|
Tenant: tenant,
|
||||||
Config: config,
|
Config: config,
|
||||||
Secrets: secrets,
|
Secrets: secrets,
|
||||||
Namespace: getPodNamespace(),
|
}
|
||||||
ConfigMap: getKMSConfigMapName(),
|
|
||||||
})
|
// Namespace is an optional parameter, it may not be set and is not
|
||||||
|
// required for all KMSProviders
|
||||||
|
ns, err := getPodNamespace()
|
||||||
|
if err == nil {
|
||||||
|
kmsInitArgs.Namespace = ns
|
||||||
|
}
|
||||||
|
|
||||||
|
return provider.Initializer(kmsInitArgs)
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user