mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-10 00:10:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,587 Commits 24 Branches 38 Tags 140 MiB
211ca9b5a7
Commit Graph

3 Commits

Author SHA1 Message Date
Niels de Vos
82557e3f34 util: allow configuring VAULT_BACKEND for Vault connection 
It seems that the version of the key/value engine can not always be
detected for Hashicorp Vault. In certain cases, it is required to
configure the `VAULT_BACKEND` (or `vaultBackend`) option so that a
successful connection to the service can be made.

The `kv-v2` is the current default for development deployments of
Hashicorp Vault (what we use for automated testing). Production
deployments default to version 1 for now.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
 2021-07-22 13:02:47 +00:00
Niels de Vos
d941e5abac util: make parseTenantConfig() usable for modular KMSs 
parseTenantConfig() only allowed configuring a defined set of options,
and KMSs were not able to re-use the implementation. Now, the function
parses the ConfigMap from the Tenants Namespace and returns a map with
options that the KMS supports.

The map that parseTenantConfig() returns can be inspected by the KMS,
and applied to the vaultTenantConnection type by calling parseConfig().

Signed-off-by: Niels de Vos <ndevos@redhat.com>
 2021-07-13 17:16:35 +00:00
Niels de Vos
b700fa43e6 doc: add example for Tenant ServiceAccount 
The ServiceAccount "ceph-csi-vault-sa" is expected to be placed in the
Namespace "tenant" so that the provisioner and node-plugin fetch the
ServiceAccount from a Namespace where Ceph-CSI is not deployed.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
 2021-07-13 17:16:35 +00:00