github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 19:23:40 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #71206 from stlaz/enc_config_opt

Browse Source 
Rename '--experimental-encryption-provider-config' to '--encryption-provider-config'
This commit is contained in:
k8s-ci-robot 2018-11-21 11:30:12 -08:00 committed by GitHub
commit 2b0212de9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/gce/gci/apiserver_manifest_test.go
View File

@ -98,7 +98,7 @@ func TestEncryptionProviderFlag(t *testing.T) {
// "-c", - Index 1 // "-c", - Index 1
// "exec /usr/local/bin/kube-apiserver " - Index 2 // "exec /usr/local/bin/kube-apiserver " - Index 2
execArgsIndex = 2 execArgsIndex = 2
encryptionConfigFlag = "--experimental-encryption-provider-config" encryptionConfigFlag = "--encryption-provider-config"
) )
testCases := []struct { testCases := []struct {

4
cluster/gce/gci/configure-helper.sh
View File

@ -1815,7 +1815,7 @@ function start-kube-apiserver {
# Sets-up etcd encryption. # Sets-up etcd encryption.
# Configuration of etcd level encryption consists of the following steps: # Configuration of etcd level encryption consists of the following steps:
# 1. Writing encryption provider config to disk # 1. Writing encryption provider config to disk
# 2. Adding experimental-encryption-provider-config flag to kube-apiserver # 2. Adding encryption-provider-config flag to kube-apiserver
# 3. Add kms-socket-vol and kms-socket-vol-mnt to enable communication with kms-plugin (if requested) # 3. Add kms-socket-vol and kms-socket-vol-mnt to enable communication with kms-plugin (if requested)
# #
# Expects parameters: # Expects parameters:
@ -1855,7 +1855,7 @@ function setup-etcd-encryption {
encryption_provider_config_path=${ENCRYPTION_PROVIDER_CONFIG_PATH:-/etc/srv/kubernetes/encryption-provider-config.yml} encryption_provider_config_path=${ENCRYPTION_PROVIDER_CONFIG_PATH:-/etc/srv/kubernetes/encryption-provider-config.yml}
echo "${ENCRYPTION_PROVIDER_CONFIG}" | base64 --decode > "${encryption_provider_config_path}" echo "${ENCRYPTION_PROVIDER_CONFIG}" | base64 --decode > "${encryption_provider_config_path}"
kube_api_server_params+=" --experimental-encryption-provider-config=${encryption_provider_config_path}" kube_api_server_params+=" --encryption-provider-config=${encryption_provider_config_path}"
default_encryption_provider_config_vol=$(echo "{ \"name\": \"encryptionconfig\", \"hostPath\": {\"path\": \"${encryption_provider_config_path}\", \"type\": \"File\"}}" | base64 | tr -d '\r\n') default_encryption_provider_config_vol=$(echo "{ \"name\": \"encryptionconfig\", \"hostPath\": {\"path\": \"${encryption_provider_config_path}\", \"type\": \"File\"}}" | base64 | tr -d '\r\n')
default_encryption_provider_config_vol_mnt=$(echo "{ \"name\": \"encryptionconfig\", \"mountPath\": \"${encryption_provider_config_path}\", \"readOnly\": true}" | base64 | tr -d '\r\n') default_encryption_provider_config_vol_mnt=$(echo "{ \"name\": \"encryptionconfig\", \"mountPath\": \"${encryption_provider_config_path}\", \"readOnly\": true}" | base64 | tr -d '\r\n')

4
staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
View File

@ -164,6 +164,10 @@ func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&s.EncryptionProviderConfigFilepath, "experimental-encryption-provider-config", s.EncryptionProviderConfigFilepath, fs.StringVar(&s.EncryptionProviderConfigFilepath, "experimental-encryption-provider-config", s.EncryptionProviderConfigFilepath,
"The file containing configuration for encryption providers to be used for storing secrets in etcd") "The file containing configuration for encryption providers to be used for storing secrets in etcd")
fs.MarkDeprecated("experimental-encryption-provider-config", "use --encryption-provider-config.")
fs.StringVar(&s.EncryptionProviderConfigFilepath, "encryption-provider-config", s.EncryptionProviderConfigFilepath,
"The file containing configuration for encryption providers to be used for storing secrets in etcd")
fs.DurationVar(&s.StorageConfig.CompactionInterval, "etcd-compaction-interval", s.StorageConfig.CompactionInterval, fs.DurationVar(&s.StorageConfig.CompactionInterval, "etcd-compaction-interval", s.StorageConfig.CompactionInterval,
"The interval of compaction requests. If 0, the compaction request from apiserver is disabled.") "The interval of compaction requests. If 0, the compaction request from apiserver is disabled.")

2
test/integration/master/transformation_testcase.go
View File

@ -164,7 +164,7 @@ func (e *transformTest) getRawSecretFromETCD() ([]byte, error) {
func (e *transformTest) getEncryptionOptions() []string { func (e *transformTest) getEncryptionOptions() []string {
if e.transformerConfig != "" { if e.transformerConfig != "" {
return []string{"--experimental-encryption-provider-config", path.Join(e.configDir, encryptionConfigFileName)} return []string{"--encryption-provider-config", path.Join(e.configDir, encryptionConfigFileName)}
} }
return nil return nil