Add kube_encryption_resources variable to configure which resources are encrypted at rest (#5797)
This commit is contained in:
Maxime Guyot
GitHub
parent
8774d7e4d5
commit
a7a204ebca
2 changed files with 3 additions and 2 deletions
|
|
@ -152,6 +152,8 @@ kube_encrypt_secret_data: false
|
||||||
kube_encrypt_token: "{{ lookup('password', credentials_dir + '/kube_encrypt_token.creds length=32 chars=ascii_letters,digits') }}"
|
kube_encrypt_token: "{{ lookup('password', credentials_dir + '/kube_encrypt_token.creds length=32 chars=ascii_letters,digits') }}"
|
||||||
# Must be either: aescbc, secretbox or aesgcm
|
# Must be either: aescbc, secretbox or aesgcm
|
||||||
kube_encryption_algorithm: "aescbc"
|
kube_encryption_algorithm: "aescbc"
|
||||||
|
# Which kubernetes resources to encrypt
|
||||||
|
kube_encryption_resources: [secrets]
|
||||||
|
|
||||||
# You may want to use ca.pem depending on your situation
|
# You may want to use ca.pem depending on your situation
|
||||||
kube_front_proxy_ca: "front-proxy-ca.pem"
|
kube_front_proxy_ca: "front-proxy-ca.pem"
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,7 @@
|
||||||
kind: EncryptionConfig
|
kind: EncryptionConfig
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
resources:
|
resources:
|
||||||
- resources:
|
- resources: {{ kube_encryption_resources }}
|
||||||
- secrets
|
|
||||||
providers:
|
providers:
|
||||||
- {{ kube_encryption_algorithm }}:
|
- {{ kube_encryption_algorithm }}:
|
||||||
keys:
|
keys:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue