-
Ensure the Utimaco HSM is accessible from the Kubernetes control plane.
-
Ensure the KMS plugin pod is restarted every time a change is made to the config file
'/etc/kms/config/cs_pkcs11_R3.cfg'. -
Issue in loading the Docker image.
The Docker image 'k8s-kms-plugin-v2' loaded in the Kubernetes control plane may experience issues, which can occur if the Docker load is not functioning or if containers are being used.
A solution is to explicitly import the image. Follow the steps below for explicitly loading the KMS plugin Docker image.
i. Load the KMS plugin image to Kubernetes control plane node.
ctr -n=k8s.io images import k8s-kms-plugin-hsm_v1.0.tar
ii. Verify that the image is available.
ctr -n=k8s.io images list | grep k8s-kms-plugin-v2