
SoftHSM2 integration in Kubernetes

Add the following to the ejbca or signserver section of your values.yaml file.

For a full example with EJBCA, see Deploy EJBCA as CA with automation with SoftHSM2.

YAML
#ejbca:
#signserver:  
  # Extra init containers to be added to the deployment
  initContainers:
    - name: hsm-driver-init
      image: registry.primekey.com/primekey/hsm-driver-softhsm:1.0.8
      command:
        ["sh", "-c", "cp --preserve --recursive /opt/keyfactor/p11proxy-client/* /mnt/driver/"]
      volumeMounts:
        - name: p11proxy-client
          mountPath: /mnt/driver/
        - name: hsm-slot-init
          mountPath: /opt/keyfactor/init/initialize-hsm-slots-softhsm2.sh
          subPath: initialize-hsm-slots-softhsm2.sh
        - name: tokens
          mountPath: /mnt/tokens
      envFrom:
        - secretRef:
            name: configdump-secrets
  # Extra sidecar containers to be added to the deployment
  sidecarContainers:
    - name: hsm
      image: registry.primekey.com/primekey/hsm-driver-softhsm:1.0.8
      imagePullPolicy: IfNotPresent
      env:
        - name: SOFTHSM2_LOG_LEVEL
          value: INFO
      volumeMounts:
        - name: tokens
          mountPath: /mnt/tokens
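  # Extra volumes to be added to the deployment
  # Note: the hsm-slot-init and after-deployed-pre mounts used in this snippet
  # have no matching volume in the list below; they must be defined as volumes as well.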
  volumes:
    - name: p11proxy-client
      emptyDir: {}
    - name: tokens
      persistentVolumeClaim:
        claimName: softhsm-pvc
  # Extra volume mounts to be added to the deployment
  volumeMounts:
    - name: p11proxy-client
      mountPath: /opt/keyfactor/p11proxy-client
    - name: after-deployed-pre
      mountPath: /opt/keyfactor/bin/internal/after-deployed-pre.sh
      subPath: after-deployed-pre.sh