3d6fd49179
* Added option for encrypting secrets to etcd * Fix keylength to 32 * Forgot the default * Rename secrets.yaml to secrets_encryption.yaml * Fix static path for secrets file to use ansible variable * Rename secrets.yaml.j2 to secrets_encryption.yaml.j2 * Base64 encode the token * Fixed merge error * Changed path to credentials dir * Update path to secrets file which is now readable inside the apiserver container. Set better file permissions * Add encryption option to k8s-cluster.yml
11 lines
240 B
Django/Jinja
11 lines
240 B
Django/Jinja
kind: EncryptionConfig
|
|
apiVersion: v1
|
|
resources:
|
|
- resources:
|
|
- secrets
|
|
providers:
|
|
- {{ kube_encryption_algorithm }}:
|
|
keys:
|
|
- name: key
|
|
secret: {{ kube_encrypt_token | b64encode }}
|
|
- identity: {}
|