c12s-kubespray/roles/kubernetes/master/tasks/encrypt-at-rest.yml

---
- name: Write secrets for encrypting secret data at rest
  template:
    src: secrets_encryption.yaml.j2
    dest: "{{ kube_cert_dir }}/secrets_encryption.yaml"
    owner: root
    group: "{{ kube_cert_group }}"
    mode: 0640
  tags:
    - kube-apiserver
Added option for encrypting secrets to etcd v.2 (#2428) * Added option for encrypting secrets to etcd * Fix keylength to 32 * Forgot the default * Rename secrets.yaml to secrets_encryption.yaml * Fix static path for secrets file to use ansible variable * Rename secrets.yaml.j2 to secrets_encryption.yaml.j2 * Base64 encode the token * Fixed merge error * Changed path to credentials dir * Update path to secrets file which is now readable inside the apiserver container. Set better file permissions * Add encryption option to k8s-cluster.yml 2018-03-15 19:20:05 +00:00			`---`
			`- name: Write secrets for encrypting secret data at rest`
			`template:`
			`src: secrets_encryption.yaml.j2`
Streamline path to certs dir (#3836) * Streamline path to certs dir * More fixes * Set path to etcd certs in kubernetes defaults instead 2018-12-07 07:11:53 +00:00			`dest: "{{ kube_cert_dir }}/secrets_encryption.yaml"`
Added option for encrypting secrets to etcd v.2 (#2428) * Added option for encrypting secrets to etcd * Fix keylength to 32 * Forgot the default * Rename secrets.yaml to secrets_encryption.yaml * Fix static path for secrets file to use ansible variable * Rename secrets.yaml.j2 to secrets_encryption.yaml.j2 * Base64 encode the token * Fixed merge error * Changed path to credentials dir * Update path to secrets file which is now readable inside the apiserver container. Set better file permissions * Add encryption option to k8s-cluster.yml 2018-03-15 19:20:05 +00:00			`owner: root`
			`group: "{{ kube_cert_group }}"`
			`mode: 0640`
			`tags:`
			`- kube-apiserver`