From: Ilya Dryomov <idryomov@gmail.com>
Date: Mon, 19 Apr 2021 07:37:01 +0000 (+0200)
Subject: doc/rbd/rbd-kubernetes: mention KMS config map
X-Git-Tag: v17.1.0~2203^2~2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2656448617ee8ce99ae673909f0f61e96ce29d5f;p=ceph.git

doc/rbd/rbd-kubernetes: mention KMS config map

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---

diff --git a/doc/rbd/rbd-kubernetes.rst b/doc/rbd/rbd-kubernetes.rst
index caaf77d648fa..fd064bb312c5 100644
--- a/doc/rbd/rbd-kubernetes.rst
+++ b/doc/rbd/rbd-kubernetes.rst
@@ -114,6 +114,26 @@ Once generated, store the new `ConfigMap` object in Kubernetes::
 
         $ kubectl apply -f csi-config-map.yaml
 
+Recent versions of `ceph-csi` also require an additional `ConfigMap` object to
+define Key Management Service (KMS) provider details.  If KMS isn't set up, put
+an empty configuration in a `csi-kms-config-map.yaml` file or refer to examples
+at https://github.com/ceph/ceph-csi/tree/master/examples/kms::
+
+        $ cat <<EOF > csi-kms-config-map.yaml
+        ---
+        apiVersion: v1
+        kind: ConfigMap
+        data:
+          config.json: |-
+            {}
+        metadata:
+          name: ceph-csi-encryption-kms-config
+        EOF
+
+Once generated, store the new `ConfigMap` object in Kubernetes::
+
+        $ kubectl apply -f csi-kms-config-map.yaml
+
 Generate `ceph-csi` cephx `Secret`
 ----------------------------------