I have implemented a KMS Plugin gRPC server. However, my api-server is not able to connect to the Unix socket at path "/opt/mysocket.sock".
If I bind my socket to the "/etc/ssl/certs/" directory, "api-server" is able to access it and interact with my gRPC server over the Unix socket, and the plugin is working as expected.
How can I pass my Unix socket to api-server without being restricted to only the "/etc/ssl/certs/" directory?
I want to use other standard directories like "/opt" or "/var" etc.
I have followed the below guide from Google to implement the KMS plugin: https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/
For the "api-server" pod to access any directory from the host system, we need to add a mount path in the "kube-apiserver.yaml" file.
The path to the YAML file is "/etc/kubernetes/manifests/kube-apiserver.yaml".
Add the mount point as shown below (keep correct indentation).
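=====
    # under the kube-apiserver container in spec.containers
    volumeMounts:
    - mountPath: /etc/my_dir
      name: my-kms
      readOnly: true
...
...
  # under spec, at the same level as "containers"
  volumes:
  - hostPath:
      path: /etc/my_dir
      type: DirectoryOrCreate
    name: my-kms   # must match the volumeMounts name above
=====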