document kms encryption provider

[vineet-garg]

This is a...

• [X ] Feature Request
• Bug Report

Problem:
A new encryption provider i.e KMS provider has been added in v1.10 release. This needs a documentation.
Reference: kubernetes/kubernetes#55684

Proposed Solution:
Update the page encrypt-data to document this in the release-1.10 branch

Page to Update:
https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#providers

<Kubernetes Version: 1.1.0>

[vineet-garg]

cc @kksriram @wu-qiang

[kksriram]

cc @liggitt since we were discussing this on slack the other day.

@vineet-garg I am thinking two things need to happen.

• Update this page (via this md, I think) to

  • include KMS as a new Provider type.
  • show config to use the KMS provider
  • switching from a local encryption provider to a KMS provider
  • any updates to decrypting data when disabling encryption at rest.

• a separate page on "Implementing a KMS plugin" that would cover

  • Developing a KMS plugin gRPC server
  • Integrating the KMS plugin with a remote KMS
  • Deploying the KMS plugin

cc @kubernetes/docs - where would this latter page live? Would it make sense to place it as a child under "Extend Kubernetes" like this page?

Enabling the KMS supported by each cloud provider probably needs to be in cloud provider specific docs.

[ericchiang]

Closing since #7479's been merged. Please re-open if I've done this prematurely.

/close