Add kube_encryption_resources variable to configure which resources are encrypted at rest (#5797)
parent
8774d7e4d5
commit
a7a204ebca
|
@ -152,6 +152,8 @@ kube_encrypt_secret_data: false
|
|||
kube_encrypt_token: "{{ lookup('password', credentials_dir + '/kube_encrypt_token.creds length=32 chars=ascii_letters,digits') }}"
|
||||
# Must be either: aescbc, secretbox or aesgcm
|
||||
kube_encryption_algorithm: "aescbc"
|
||||
# Which kubernetes resources to encrypt
|
||||
kube_encryption_resources: [secrets]
|
||||
|
||||
# You may want to use ca.pem depending on your situation
|
||||
kube_front_proxy_ca: "front-proxy-ca.pem"
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
kind: EncryptionConfig
|
||||
apiVersion: v1
|
||||
resources:
|
||||
- resources:
|
||||
- secrets
|
||||
- resources: {{ kube_encryption_resources }}
|
||||
providers:
|
||||
- {{ kube_encryption_algorithm }}:
|
||||
keys:
|
||||
|
|
Loading…
Reference in New Issue