mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-22 22:30:23 +00:00
4f0bb2315b
With Amazon STS and kubernetes cluster is configured with OIDC identity provider, credentials to access Amazon KMS can be fetched using oidc-token(serviceaccount token). Each tenant/namespace needs to create a secret with aws region, role and CMK ARN. Ceph-CSI will assume the given role with oidc token and access aws KMS, with given CMK to encrypt/decrypt DEK which will stored in the image metdata. Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html Resolves: #2879 Signed-off-by: Rakshith R <rar@redhat.com> |
||
---|---|---|
.. | ||
_helpers.tpl | ||
ceph-conf.yaml | ||
csidriver-crd.yaml | ||
csiplugin-configmap.yaml | ||
encryptionkms-configmap.yaml | ||
nodeplugin-clusterrole.yaml | ||
nodeplugin-clusterrolebinding.yaml | ||
nodeplugin-daemonset.yaml | ||
nodeplugin-http-service.yaml | ||
nodeplugin-psp.yaml | ||
nodeplugin-role.yaml | ||
nodeplugin-rolebinding.yaml | ||
nodeplugin-serviceaccount.yaml | ||
NOTES.txt | ||
provisioner-clusterrole.yaml | ||
provisioner-clusterrolebinding.yaml | ||
provisioner-deployment.yaml | ||
provisioner-http-service.yaml | ||
provisioner-psp.yaml | ||
provisioner-role.yaml | ||
provisioner-rolebinding.yaml | ||
provisioner-serviceaccount.yaml | ||
secret.yaml | ||
storageclass.yaml |