External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-06 11:11:15 -03:30
Code Issues Packages Projects Releases Wiki Activity

Adding ability to maintain existing Encryption Secrets at Rest. (#4255)

Browse Source 
* Adding ability to maintain existing Encryption Secrets at Rest.

If secrets_encryption.yaml is present it will not be overriten with a new kube_encrypt_token.

This should allow for it to be set ahead of a playbook running or maintain it if cluster.yml is ran on the same cluster and the ansible host does not have access to the secrets.

* Setting existing kube_encrypt_token across all master nodes in case it was missing in one or more nodes.
This commit is contained in:
Manuel Cintron
2019-02-19 09:31:45 -06:00
committed by Kubernetes Prow Robot
parent 802ac377b8
commit 07b2894080
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/kubernetes/master/defaults/main/main.yml
View File

@@ -163,3 +163,5 @@ kube_override_hostname: >-
{%- else -%}
{{ inventory_hostname }}
{%- endif -%}
secrets_encryption_query: "resources[*].providers[0].{{kube_encryption_algorithm}}.keys[0].secret"