kubespray/roles/kubernetes/master/tasks/encrypt-at-rest.yml

11 lines
266 B
YAML

---
- name: Write secrets for encrypting secret data at rest
template:
src: secrets_encryption.yaml.j2
dest: "{{ kube_config_dir }}/ssl/secrets_encryption.yaml"
owner: root
group: "{{ kube_cert_group }}"
mode: 0640
tags:
- kube-apiserver