mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-09-19 23:19:52 +00:00
c5f00a9e3d
The new provider should be able to provision and mount an encrypted volume. Signed-off-by: Niels de Vos <ndevos@redhat.com>
40 lines
1.2 KiB
YAML
40 lines
1.2 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
data:
|
|
config.json: |-
|
|
{
|
|
"vault-test": {
|
|
"encryptionKMSType": "vault",
|
|
"vaultAddress": "http://vault.default.svc.cluster.local:8200",
|
|
"vaultAuthPath": "/v1/auth/kubernetes/login",
|
|
"vaultRole": "csi-kubernetes",
|
|
"vaultPassphraseRoot": "/v1/secret",
|
|
"vaultPassphrasePath": "ceph-csi/",
|
|
"vaultCAVerify": "false"
|
|
},
|
|
"vault-tokens-test": {
|
|
"encryptionKMSType": "vaulttokens",
|
|
"vaultAddress": "http://vault.default.svc.cluster.local:8200",
|
|
"vaultBackendPath": "secret/",
|
|
"vaultTLSServerName": "vault.default.svc.cluster.local",
|
|
"vaultCAVerify": "false",
|
|
"tenantConfigName": "ceph-csi-kms-config",
|
|
"tenantTokenName": "ceph-csi-kms-token",
|
|
"tenants": {
|
|
"my-app": {
|
|
"vaultAddress": "https://vault.example.com",
|
|
"vaultCAVerify": "true"
|
|
},
|
|
"an-other-app": {
|
|
"tenantTokenName": "storage-encryption-token"
|
|
}
|
|
}
|
|
},
|
|
"secrets-metadata-test": {
|
|
"encryptionKMSType": "metadata"
|
|
}
|
|
}
|
|
metadata:
|
|
name: ceph-csi-encryption-kms-config
|