-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathk8s-kms-plugin.yaml
44 lines (44 loc) · 1.29 KB
/
k8s-kms-plugin.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
apiVersion: v1
kind: Pod
metadata:
name: ack-kms-plugin
namespace: kube-system
spec:
hostNetwork: true
restartPolicy: Always
priorityClassName: system-cluster-critical
volumes:
- name: kmssocket
hostPath:
path: /var/run/kmsplugin
type: DirectoryOrCreate
containers:
- name: ack-kms-plugin
image: registry.{{ .Region }}.aliyuncs.com/acs/ack-kms-plugin:v1.0.2
imagePullPolicy: Always
command:
- ack-kms-plugin
- --gloglevel=5
- --key-id={{ .KeyId }}
- --path-to-unix-socket=/var/run/kmsplugin/grpc.sock
livenessProbe:
exec:
command:
- ack-kms-plugin
- health
- --path-to-unix-socket=/var/run/kmsplugin/grpc.sock
initialDelaySeconds: 30
failureThreshold: 3
timeoutSeconds: 5
periodSeconds: 300
env:
- name: ACCESS_KEY_ID #not required if you want plugin help to pull the sts credentials
value: {{ .AK }}
- name: ACCESS_KEY_SECRET #not required if you want plugin help to pull the sts credentials
value: {{ .AK_Secret }}
- name: CREDENTIAL_INTERVAL #not required if you want plugin help to pull the sts credentials
value: {{ .Credential_Interval }}
volumeMounts:
- name: kmssocket
mountPath: /var/run/kmsplugin
readOnly: false