ceph-csi

rbd: add kmip encryption type

Open Rakshith-R opened this issue 3 years ago • 4 comments

The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes.

https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol

Resolves: https://github.com/ceph/ceph-csi/issues/3282

Signed-off-by: Rakshith R [email protected]

Heavily inspired by https://github.com/noobaa/noobaa-operator/pull/964#issue-1311434745

Rakshith-R, Aug 16 '22 05:08

@Rakshith-R looks like the ans field has to be renamed for codespell to be happy :)

./internal/kms/kms_util.go:49: ans ==> and
./internal/kms/kms_util.go:61: ans ==> and
./internal/kms/kms_util.go:71: ans ==> and
./internal/kms/kms_util.go:81: ans ==> and

humblec, Aug 16 '22 06:08

Please split the vendor part from the actual feature, that makes it much easier to review.

nixpanic, Aug 16 '22 07:08

This pull request now has conflicts with the target branch. Could you please resolve conflicts and force push the corrected changes? 🙏

mergify[bot], Aug 16 '22 09:08

@Rakshith-R can you please address the comments? I am planning to start the release work for 3.7, that's why :)

humblec, Aug 17 '22 10:08

mostly nits

Add a note somewhere about how it was tested?

This was tested with a PyKMIP server instance deployed in a Kubernetes cluster. I'll open an issue to track this, so we can add e2e for KMIP encryption in a follow-up PR.

Rakshith-R, Aug 18 '22 04:08

Addressed the comments, PTAL @nixpanic @humblec

Rakshith-R, Aug 18 '22 05:08