-
Notifications
You must be signed in to change notification settings - Fork 0
what is the path to the kes config yaml file in a pod
Cesar Celis Hernandez edited this page Mar 23, 2023
·
1 revision
- is it
/tmp/kes
?: Yes
exec kubectl exec -i -t -n default kes-tenant-kes-0 -c kes -- sh -c "clear; (bash || ash || sh)"
bash-4.4$ cd /tmp/kes; ls -all
total 4
drwxrwsrwt 3 root 1000 140 Mar 23 20:26 .
drwxrwxrwt 1 root root 4096 Mar 23 20:26 ..
drwxr-sr-x 2 root 1000 100 Mar 23 20:26 ..2023_03_23_20_26_30.224981531
lrwxrwxrwx 1 root 1000 31 Mar 23 20:26 ..data -> ..2023_03_23_20_26_30.224981531
lrwxrwxrwx 1 root 1000 25 Mar 23 20:26 server-config.yaml -> ..data/server-config.yaml
lrwxrwxrwx 1 root 1000 17 Mar 23 20:26 server.crt -> ..data/server.crt
lrwxrwxrwx 1 root 1000 17 Mar 23 20:26 server.key -> ..data/server.key
bash-4.4$ cat server-config.yaml
address: 0.0.0.0:7373
root: disabled
tls:
key: /tmp/kes/server.key
cert: /tmp/kes/server.crt
policy:
default-policy:
paths:
- /v1/key/create/my-minio-key
- /v1/key/generate/my-minio-key
- /v1/key/decrypt/my-minio-key
identities:
- ${MINIO_KES_IDENTITY}
cache:
expiry:
any: 5m0s
unused: 20s
log:
error: "on"
audit: "off"
keys:
vault:
endpoint: http://vault.default.svc.cluster.local:8200
prefix: my-minio
approle:
id: d0bcdea3-fc08-72be-780b-16958d35cc46
secret: ff9b000f-0949-ad9e-6221-cbb84f853dd7
status: {}