External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-20 15:27:56 -02:30
Code Issues Packages Projects Releases Wiki Activity

Added option for encrypting secrets to etcd v.2 (#2428)

Browse Source 
* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml
This commit is contained in:
Andreas Krüger
2018-03-15 20:20:05 +01:00
committed by Matthew Mosesohn
parent d843e3d562
commit 3d6fd49179
7 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/kubernetes/master/tasks/main.yml
View File

@@ -12,6 +12,9 @@
- import_tasks: users-file.yml
when: kube_basic_auth|default(true)
- import_tasks: encrypt-at-rest.yml
when: kube_encrypt_secret_data
- name: Compare host kubectl with hyperkube container
command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/cmp /hyperkube /systembindir/kubectl"
register: kubectl_task_compare_result