From b8fec4df64c909b906787c9e34afc20878fc8292 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Thu, 10 Dec 2020 16:49:53 +0100 Subject: [PATCH] doc: fix links for example yaml files The yaml files for RBD encryption are located in examples/kms/vault, and not in the examples/rbd directory. Signed-off-by: Niels de Vos --- docs/deploy-rbd.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/deploy-rbd.md b/docs/deploy-rbd.md index a5323370c..379bd5170 100644 --- a/docs/deploy-rbd.md +++ b/docs/deploy-rbd.md @@ -236,7 +236,8 @@ There are two options to use Hashicorp Vault as a KMS: To use Vault as KMS set `encryptionKMSID` to a unique identifier for Vault configuration. You will also need to create vault configuration similar to the -[example](../examples/rbd/kms-config.yaml) and use same `encryptionKMSID`. +[example](../examples/kms/vault/kms-config.yaml) and use same +`encryptionKMSID`. To use the Kubernetes ServiceAccount to access Vault, the configuration must include `encryptionKMSType: "vault"`. If Tenants are expected to place their @@ -265,8 +266,9 @@ described in [official documentation](https://www.vaultproject.io/docs/auth/kubernetes.html). If token reviewer is used, you will need to configure service account for -that also like in [example](../examples/rbd/csi-vaulttokenreview-rbac.yaml) to -be able to review jwt tokens. +that also like in +[example](../examples/kms/vault/csi-vaulttokenreview-rbac.yaml) to be able to +review jwt tokens. Configure a role(s) for service accounts used for ceph-csi: