Commit Graph

7 Commits

Author SHA1 Message Date
Rakshith R
4f0bb2315b rbd: add aws-sts-metdata encryption type
With Amazon STS and kubernetes cluster is configured with
OIDC identity provider, credentials to access Amazon KMS
can be fetched using oidc-token(serviceaccount token).
Each tenant/namespace needs to create a secret with aws region,
role and CMK ARN.
Ceph-CSI will assume the given role with oidc token and access
aws KMS, with given CMK to encrypt/decrypt DEK which will stored
in the image metdata.

Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html
Resolves: #2879

Signed-off-by: Rakshith R <rar@redhat.com>
2022-03-16 07:29:56 +00:00
Madhu Rajanna
fb7dc13dfe rebase: update packages in go.mod to latest releases
updated few packages in go.mod to latest
available release.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-06-04 11:52:22 +00:00
Madhu Rajanna
385a751b8e rebase: rename kube-storage to csi-addons
as the org github.com/kube-storage is renamed
to github.com/csi-addons as the name kube-storage
was more generic.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-06 10:59:58 +00:00
Madhu Rajanna
ce7f936551 rebase: add replication-lib-utils to go.mod
added github.com/kube-storage/replication-lib-utils
to the vendor directory which is required to avoid
secret logging in GRPC.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2021-04-01 20:05:55 +00:00
Niels de Vos
91774fc936 rebase: vendor dependencies for Vault API
Uses github.com/libopenstorage/secrets to communicate with Vault. This
removes the need for maintaining our own limited Vault APIs.

By adding the new dependency, several other packages got updated in the
process. Unused indirect dependencies have been removed from go.mod.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2020-11-29 04:03:59 +00:00
Humble Chirammal
3af1e26d7c Update to kube v1.17
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2020-01-17 12:06:02 +00:00
Humble Chirammal
22ff5c0911 Migrate from snapClient.VolumesnapshotV1alpha1Client to
snapClient.SnapshotV1alpha1Client and also update kube dependency

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-06-24 13:08:29 +00:00