Effective Kubernetes 1.10, a new feature called KMS Encryption Provider lets organizations bring their own KMS (ideally an integrated HSM).
The steps to encrypt Kubernetes secrets with Key(s) stored in Fortanix Data Security Manager is described in Kubernetes KMS Plugin for Self-Defending KMS.