--- apiVersion: v1 kind: ConfigMap data: config.json: |- { "vault-test": { "encryptionKMSType": "vault", "vaultAddress": "http://vault.default.svc.cluster.local:8200", "vaultAuthPath": "/v1/auth/kubernetes/login", "vaultRole": "csi-kubernetes", "vaultBackend": "kv-v2", "vaultPassphraseRoot": "/v1/secret", "vaultPassphrasePath": "ceph-csi/", "vaultCAVerify": "false" }, "vault-tokens-test": { "encryptionKMSType": "vaulttokens", "vaultAddress": "http://vault.default.svc.cluster.local:8200", "vaultBackend": "kv-v2", "vaultBackendPath": "secret/", "vaultTLSServerName": "vault.default.svc.cluster.local", "vaultCAVerify": "false", "tenantConfigName": "ceph-csi-kms-config", "tenantTokenName": "ceph-csi-kms-token", "tenants": { "my-app": { "vaultAddress": "https://vault.example.com", "vaultCAVerify": "true" }, "an-other-app": { "tenantTokenName": "storage-encryption-token" } } }, "vault-tenant-sa-test": { "encryptionKMSType": "vaulttenantsa", "vaultAddress": "http://vault.default.svc.cluster.local:8200", "vaultBackend": "kv-v2", "vaultBackendPath": "shared-secrets", "vaultTLSServerName": "vault.default.svc.cluster.local", "vaultCAVerify": "false", "tenantConfigName": "ceph-csi-kms-config", "tenantSAName": "ceph-csi-vault-sa", "tenants": { "my-app": { "vaultAddress": "https://vault.example.com", "vaultCAVerify": "true" }, "an-other-app": { "tenantSAName": "storage-encryption-sa" } } }, "secrets-metadata-test": { "encryptionKMSType": "metadata" }, "user-ns-secrets-metadata-test": { "encryptionKMSType": "metadata", "secretName": "storage-encryption-secret", "secretNamespace": "default" }, "user-secrets-metadata-test": { "encryptionKMSType": "metadata", "secretName": "storage-encryption-secret" } } metadata: name: ceph-csi-encryption-kms-config