KMS gRPC plugin integration with kube-apiserver

I am trying to integration AWS KMS plugin with kube-apiserver. I’m using aws-encryption-provider
docker image for my testing. I am running aws-encryption-provider as docker containter and when I am trying to run k3s single node cluster it is failing and failure is in kube-api-server.

Since KMS plugin and KMS provider communication is not setup, Is kube-api failure expected ?

Please note that I have confirmed that KMS plugin is up and running by sending //healthz request.

"[+]ping ok

\n[+]log ok

\n[+]etcd ok

\n[-]kms-provider-0 failed: reason withheld

\n[+]poststarthook/start-kube-apiserver-admission-initializer ok

\n[+]poststarthook/generic-apiserver-start-informers ok

\n[+]poststarthook/start-apiextensions-informers ok

\n[+]poststarthook/start-apiextensions-controllers ok

\n[+]poststarthook/crd-informer-synced ok

\n[+]poststarthook/bootstrap-controller ok

\n[+]poststarthook/rbac/bootstrap-roles ok

\n[+]poststarthook/scheduling/bootstrap-system-priority-classes ok

\n[+]poststarthook/start-cluster-authentication-info-controller ok

\n[+]poststarthook/start-kube-aggregator-informers ok

\n[+]poststarthook/apiservice-registration-controller ok

\n[+]poststarthook/apiservice-status-available-controller ok

\n[+]poststarthook/kube-apiserver-autoregistration ok

\n[+]autoregister-completion ok

\n[+]poststarthook/apiservice-openapi-controller ok

Cluster information:

Kubernetes version: v1.18.6+k3s1
Cloud being used: (put bare-metal if not on a public cloud)
Installation method: K3s
Host OS: Ubuntu
CNI and version:
CRI and version:

apiVersion: apps/v1
kind: Pod
metadata:
name: aws-encryption-provider
namespace: default
spec:
replicas: 1
containers:

  • image: tapanhalani/aws-encryption-provider
    name: ans-encryption-provider
    command:
    • /aws-encryption-provider
    • –key=arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    • –region=us-west-2
    • –listen=/var/run/kmsplugin/socket.sock
      ports:
    • containerPort: 8080
      protocol: TCP
      livenessProbe:
      httpGet:
      path: /healthz
      port: 8080
      volumeMounts:
    • mountPath: /var/run/kmsplugin
      name: var-run-kmsplugin
      volumes:
  • name: var-run-kmsplugin
    hostPath:
    path: /var/run/kmsplugin
    type: DirectoryOrCreate