ceph-csi

mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-22 14:20:19 +00:00

History

Rakshith R 4f0bb2315b rbd: add `aws-sts-metdata` encryption type With Amazon STS and kubernetes cluster is configured with OIDC identity provider, credentials to access Amazon KMS can be fetched using oidc-token(serviceaccount token). Each tenant/namespace needs to create a secret with aws region, role and CMK ARN. Ceph-CSI will assume the given role with oidc token and access aws KMS, with given CMK to encrypt/decrypt DEK which will stored in the image metdata. Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html Resolves: #2879 Signed-off-by: Rakshith R <rar@redhat.com>		2022-03-16 07:29:56 +00:00
..
aws-credentials.yaml	doc: add configuration example for Amazon KMS	2021-04-06 07:33:54 +00:00
aws-sts-credentials.yaml	rbd: add `aws-sts-metdata` encryption type	2022-03-16 07:29:56 +00:00
csi-kms-connection-details.yaml	rbd: add `aws-sts-metdata` encryption type	2022-03-16 07:29:56 +00:00
csi-vaulttokenreview-rbac.yaml	Adds per volume encryption with Vault integration	2020-02-05 05:18:56 +00:00
kms-config.yaml	rbd: add `aws-sts-metdata` encryption type	2022-03-16 07:29:56 +00:00
kp-credentials.yaml	rbd: change the configmap of HPCS/KP key names to reflect the IBM string	2022-01-05 06:08:19 +00:00
tenant-config.yaml	util: allow configuring VAULT_BACKEND for Vault connection	2021-07-22 13:02:47 +00:00
tenant-sa-admin.yaml	util: allow configuring VAULT_BACKEND for Vault connection	2021-07-22 13:02:47 +00:00
tenant-sa.yaml	util: allow configuring VAULT_BACKEND for Vault connection	2021-07-22 13:02:47 +00:00
tenant-token.yaml	e2e: add test for VaultTokensKMS support	2020-12-14 14:45:09 +00:00
user-secret.yaml	e2e: add e2e for user secret based metadata encryption	2021-07-08 17:06:02 +00:00
vault-psp.yaml	Adds per volume encryption with Vault integration	2020-02-05 05:18:56 +00:00
vault.yaml	ci: use 1.8.5 vault for e2e	2021-11-19 10:37:14 +00:00