From 2656448617ee8ce99ae673909f0f61e96ce29d5f Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <idryomov@gmail.com>
Date: Mon, 19 Apr 2021 09:37:01 +0200
Subject: [PATCH] doc/rbd/rbd-kubernetes: mention KMS config map

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 doc/rbd/rbd-kubernetes.rst | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/doc/rbd/rbd-kubernetes.rst b/doc/rbd/rbd-kubernetes.rst
index caaf77d648fa4..fd064bb312c5f 100644
--- a/doc/rbd/rbd-kubernetes.rst
+++ b/doc/rbd/rbd-kubernetes.rst
@@ -114,6 +114,26 @@ Once generated, store the new `ConfigMap` object in Kubernetes::
 
         $ kubectl apply -f csi-config-map.yaml
 
+Recent versions of `ceph-csi` also require an additional `ConfigMap` object to
+define Key Management Service (KMS) provider details.  If KMS isn't set up, put
+an empty configuration in a `csi-kms-config-map.yaml` file or refer to examples
+at https://github.com/ceph/ceph-csi/tree/master/examples/kms::
+
+        $ cat <<EOF > csi-kms-config-map.yaml
+        ---
+        apiVersion: v1
+        kind: ConfigMap
+        data:
+          config.json: |-
+            {}
+        metadata:
+          name: ceph-csi-encryption-kms-config
+        EOF
+
+Once generated, store the new `ConfigMap` object in Kubernetes::
+
+        $ kubectl apply -f csi-kms-config-map.yaml
+
 Generate `ceph-csi` cephx `Secret`
 ----------------------------------
 
-- 
2.39.5