Document timeout attribute for kms-plugin. (#12158)

See 72540.
kubernetes · Jan 23, 2019 · cefff92 · cefff92
1 parent 4652684
commit cefff92
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/content/en/docs/tasks/administer-cluster/kms-provider.md b/content/en/docs/tasks/administer-cluster/kms-provider.md
@@ -31,7 +31,8 @@ To configure a KMS provider on the API server, include a provider of type ```kms
 
   * `name`: Display name of the KMS plugin.
   * `endpoint`: Listen address of the gRPC server (KMS plugin). The endpoint is a UNIX domain socket.
-  * `cachesize`: Number of data encryption keys (DEKs) to be cached in the clear. When cached, DEKs can be used without another call to the KMS; whereas DEKs that are not cached require a call to the KMS to unwrap.. 
+  * `cachesize`: Number of data encryption keys (DEKs) to be cached in the clear. When cached, DEKs can be used without another call to the KMS; whereas DEKs that are not cached require a call to the KMS to unwrap.
+  * `timeout`: How long should kube-apiserver wait for kms-plugin to respond before returning an error (default is 3 seconds).
 
 See [Understanding the encryption at rest configuration.](/docs/tasks/administer-cluster/encrypt-data)
 
@@ -89,6 +90,7 @@ resources:
         name: myKmsPlugin
         endpoint: unix:///tmp/socketfile.sock
         cachesize: 100
+        timeout: 3s
    - identity: {}
 ```