Add kube_encryption_resources variable to configure which resources are encrypted at rest (#5797)

pull/5803/head
Maxime Guyot 2020-03-20 12:14:36 +01:00 committed by GitHub
parent 8774d7e4d5
commit a7a204ebca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 2 deletions

View File

@ -152,6 +152,8 @@ kube_encrypt_secret_data: false
kube_encrypt_token: "{{ lookup('password', credentials_dir + '/kube_encrypt_token.creds length=32 chars=ascii_letters,digits') }}"
# Must be either: aescbc, secretbox or aesgcm
kube_encryption_algorithm: "aescbc"
# Which kubernetes resources to encrypt
kube_encryption_resources: [secrets]
# You may want to use ca.pem depending on your situation
kube_front_proxy_ca: "front-proxy-ca.pem"

View File

@ -1,8 +1,7 @@
kind: EncryptionConfig
apiVersion: v1
resources:
- resources:
- secrets
- resources: {{ kube_encryption_resources }}
providers:
- {{ kube_encryption_algorithm }}:
keys: