ceph-csi/examples/kms/vault
Niels de Vos b866bd491c util: add vaultAuthNamespace option for Vault KMS
The new `vaultAuthNamespace` configuration parameter can be set to the
Vault Namespace where the authentication is set up in the service. Some
HashiCorp Vault deployments use sub-namespaces for their users/tenants,
with a 'root' namespace where the authentication is configured. This
requires passing of different Vault namespaces for different operations.

Example:
 - the Kubernetes Auth mechanism is configured in the Vault
   Namespace called 'devops'
 - a user/tenant has a sub-namespace called 'devops/website' where the
   encryption passphrases can be placed in the key-value store

The configuration for this then looks like:

    vaultAuthNamespace: devops
    vaultNamespace: devops/homepage

Note that Vault Namespaces are a feature of the HashiCorp Vault
Enterprise product, and not part of the Open Source version. This
prevents adding e2e tests that validate the Vault Namespace
configuration.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
(cherry picked from commit f2d5c2e0df)
2021-08-05 06:44:23 +00:00
aws-credentials.yaml doc: add configuration example for Amazon KMS 2021-04-06 07:33:54 +00:00
csi-kms-connection-details.yaml doc: add example for Tenant ServiceAccount 2021-07-13 17:16:35 +00:00
csi-vaulttokenreview-rbac.yaml Adds per volume encryption with Vault integration 2020-02-05 05:18:56 +00:00
kms-config.yaml util: add vaultAuthNamespace option for Vault KMS 2021-08-05 06:44:23 +00:00
tenant-config.yaml util: allow configuring VAULT_BACKEND for Vault connection 2021-07-22 13:02:47 +00:00
tenant-sa-admin.yaml util: allow configuring VAULT_BACKEND for Vault connection 2021-07-22 13:02:47 +00:00
tenant-sa.yaml util: allow configuring VAULT_BACKEND for Vault connection 2021-07-22 13:02:47 +00:00
tenant-token.yaml e2e: add test for VaultTokensKMS support 2020-12-14 14:45:09 +00:00
user-secret.yaml e2e: add e2e for user secret based metadata encryption 2021-07-08 17:06:02 +00:00
vault-psp.yaml Adds per volume encryption with Vault integration 2020-02-05 05:18:56 +00:00
vault.yaml e2e: add securityContext.runAsUser to vault-init-job 2021-07-13 17:16:35 +00:00