c12s-kubespray/roles/kubernetes/master/tasks/encrypt-at-rest.yml at 0cb326b10fd1e8b8efe0a75824e451fefeff5f1a - C12s/c12s-kubespray - Forgejo

C12s/c12s-kubespray

Andreas Krüger 3d6fd49179 Added option for encrypting secrets to etcd v.2 (#2428 )

* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml

2018-03-15 22:20:05 +03:00

10 lines

266 B

YAML

Raw Blame History

 ---
 - name: Write secrets for encrypting secret data at rest
   template:
     src: secrets_encryption.yaml.j2
     dest: "{{ kube_config_dir }}/ssl/secrets_encryption.yaml"
     owner: root
     group: "{{ kube_cert_group }}"
     mode: 0640
   tags:
     - kube-apiserver