mysql
diff --git a/‎deploy/deploy-crds.yaml‎
Lines changed: 23 additions & 0 deletions b/‎deploy/deploy-crds.yaml‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎helm/mysql-innodbcluster/templates/deployment_cluster.yaml‎
Lines changed: 19 additions & 14 deletions b/‎helm/mysql-innodbcluster/templates/deployment_cluster.yaml‎
Lines changed: 19 additions & 14 deletions
diff --git a/‎helm/mysql-operator/crds/crd.yaml‎
Lines changed: 23 additions & 0 deletions b/‎helm/mysql-operator/crds/crd.yaml‎
Lines changed: 23 additions & 0 deletions
@@ -103,6 +103,29 @@ spec:
                   type: object
                   description: "Keyring specification"
                   properties:
+                    kmip:
+                      type: object
+                      description: "Keyring 'KMIP' specification"
+                      required: ["configuration", "server"]
+                      properties:
+                        configuration:
+                          type: string
+                          default: ""
+                          description: "Name of a secret that contains TLS certificates"
+                        cacheKeys:
+                          type: boolean
+                          default: true
+                          description: "Whether the keys are cached by the MySQL Server in RAM in plaintext. If set to false the keys are decrypted on every access"
+                        server:
+                          type: string
+                          default: ""
+                          description: "Primary OKV Server host with port number in the format <host>:<port>"
+                        standbyServer:
+                          type: array
+                          default: []
+                          description: "A list of standby servers in the format <host>:<port>"
+                          items:
+                            type: string
                     file:
                       type: object
                       description: "Keyring 'File' specification"
 
@@ -162,9 +162,27 @@ spec:
   {{- end }}
 {{- end }}
   # Keyring
-{{- if (or (((.Values).keyring).file) (((.Values).keyring).encryptedFile) (((.Values).keyring).oci) (((.Values).keyring).example) ) }}
+{{- if (or (((.Values).keyring).kmip) (((.Values).keyring).file) (((.Values).keyring).encryptedFile) (((.Values).keyring).oci) ) }}
   keyring:
 {{- $keyringAlreadySpecified := "" }}
+  {{- if (((.Values).keyring).kmip) }}
+    {{- if $keyringAlreadySpecified }}
+      {{- $err := printf "Keyring '%s' already specified" $keyringAlreadySpecified }}
+      {{- fail $err }}
+    {{- end }}
+    {{- $keyringAlreadySpecified = "kmip" }}
+    {{- with .Values.keyring.kmip }}
+    kmip:
+      configuration: {{ required "keyring.kmip.configuration is required" .configuration | quote }}
+      {{- if hasKey . "cacheKeys" }}
+      cacheKeys: {{ .cacheKeys }}
+      {{- end }}
+      server: {{ required "keyring.kmip.server is required" .server | quote }}
+      {{- if hasKey . "standbyServer" }}
+      standbyServer: {{ toYaml .standbyServer | nindent 8 }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
   {{- if (((.Values).keyring).file) }}
     {{- if $keyringAlreadySpecified }}
       {{- $err := printf "Keyring '%s' already specified" $keyringAlreadySpecified }}
@@ -239,19 +257,6 @@ spec:
       {{- end }}
     {{- end }}
   {{- end }}
-
-  {{- if (((.Values).keyring).example) }}
-    {{- if $keyringAlreadySpecified }}
-      {{- $err := printf "Keyring '%s' already specified" $keyringAlreadySpecified }}
-      {{- fail $err }}
-    {{- end }}
-    {{- $keyringAlreadySpecified = "example" }}
-    {{- with .Values.keyring.example }}
-    example:
-      fileName: {{ required "keyring.example.fileName is required" .fileName | quote }}
-    {{- end }}
-  {{- end }}
-
 {{- end }}
   # InitDB
 {{- if (.Values).initDB }}
 
@@ -103,6 +103,29 @@ spec:
                   type: object
                   description: "Keyring specification"
                   properties:
+                    kmip:
+                      type: object
+                      description: "Keyring 'KMIP' specification"
+                      required: ["configuration", "server"]
+                      properties:
+                        configuration:
+                          type: string
+                          default: ""
+                          description: "Name of a secret that contains TLS certificates"
+                        cacheKeys:
+                          type: boolean
+                          default: true
+                          description: "Whether the keys are cached by the MySQL Server in RAM in plaintext. If set to false the keys are decrypted on every access"
+                        server:
+                          type: string
+                          default: ""
+                          description: "Primary OKV Server host with port number in the format <host>:<port>"
+                        standbyServer:
+                          type: array
+                          default: []
+                          description: "A list of standby servers in the format <host>:<port>"
+                          items:
+                            type: string
                     file:
                       type: object
                       description: "Keyring 'File' specification"