Skip to content

what is the path to the kes config yaml file in a pod

Cesar Celis Hernandez edited this page Mar 23, 2023 · 1 revision
  • is it /tmp/kes?: Yes
exec kubectl exec -i -t -n default kes-tenant-kes-0 -c kes -- sh -c "clear; (bash || ash || sh)"
bash-4.4$ cd /tmp/kes; ls -all
total 4
drwxrwsrwt 3 root 1000  140 Mar 23 20:26 .
drwxrwxrwt 1 root root 4096 Mar 23 20:26 ..
drwxr-sr-x 2 root 1000  100 Mar 23 20:26 ..2023_03_23_20_26_30.224981531
lrwxrwxrwx 1 root 1000   31 Mar 23 20:26 ..data -> ..2023_03_23_20_26_30.224981531
lrwxrwxrwx 1 root 1000   25 Mar 23 20:26 server-config.yaml -> ..data/server-config.yaml
lrwxrwxrwx 1 root 1000   17 Mar 23 20:26 server.crt -> ..data/server.crt
lrwxrwxrwx 1 root 1000   17 Mar 23 20:26 server.key -> ..data/server.key
bash-4.4$ cat server-config.yaml
address: 0.0.0.0:7373
root: disabled
tls:
  key: /tmp/kes/server.key
  cert: /tmp/kes/server.crt
policy:
  default-policy:
    paths:
    - /v1/key/create/my-minio-key
    - /v1/key/generate/my-minio-key
    - /v1/key/decrypt/my-minio-key
    identities:
    - ${MINIO_KES_IDENTITY}
cache:
  expiry:
    any: 5m0s
    unused: 20s
log:
  error: "on"
  audit: "off"
keys:
  vault:
    endpoint: http://vault.default.svc.cluster.local:8200
    prefix: my-minio
    approle:
      id: d0bcdea3-fc08-72be-780b-16958d35cc46
      secret: ff9b000f-0949-ad9e-6221-cbb84f853dd7
    status: {}
Clone this wiki locally