epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 19:58:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added option for encrypting secrets to etcd v.2 (#2428)

Browse Source 
* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml
This commit is contained in:
Andreas Krüger
2018-03-15 20:20:05 +01:00
committed by Matthew Mosesohn
parent d843e3d562
commit 3d6fd49179
7 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
View File

@@ -103,6 +103,9 @@ spec:
{% if authorization_modes %}
- --authorization-mode={{ authorization_modes|join(',') }}
{% endif %}
{% if kube_encrypt_secret_data %}
- --experimental-encryption-provider-config={{ kube_config_dir }}/ssl/secrets_encryption.yaml
{% endif %}
{% if kube_feature_gates %}
- --feature-gates={{ kube_feature_gates|join(',') }}
{% endif %}