From 4e6d5dddfb366d2edf4bc63a728982fe792c998c Mon Sep 17 00:00:00 2001
From: Anish Ramasekar
Date: Mon, 13 Feb 2023 06:31:22 +0000
Subject: [PATCH] [KMSv2] Add kind cluster and encryption config for e2e
Signed-off-by: Anish Ramasekar
---
.../e2e/testing-manifests/auth/encrypt/OWNERS | 8 +++++
.../auth/encrypt/encryption-config.yaml | 10 ++++++
.../testing-manifests/auth/encrypt/kind.yaml | 31 +++++++++++++++++++
3 files changed, 49 insertions(+)
create mode 100644 test/e2e/testing-manifests/auth/encrypt/OWNERS
create mode 100644 test/e2e/testing-manifests/auth/encrypt/encryption-config.yaml
create mode 100644 test/e2e/testing-manifests/auth/encrypt/kind.yaml
diff --git a/test/e2e/testing-manifests/auth/encrypt/OWNERS b/test/e2e/testing-manifests/auth/encrypt/OWNERS
new file mode 100644
index 00000000000..d2ea8ec60ca
--- /dev/null
+++ b/test/e2e/testing-manifests/auth/encrypt/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+ - sig-auth-encryption-at-rest-approvers
+reviewers:
+ - sig-auth-encryption-at-rest-reviewers
+labels:
+ - sig/auth
diff --git a/test/e2e/testing-manifests/auth/encrypt/encryption-config.yaml b/test/e2e/testing-manifests/auth/encrypt/encryption-config.yaml
new file mode 100644
index 00000000000..6416ab080a4
--- /dev/null
+++ b/test/e2e/testing-manifests/auth/encrypt/encryption-config.yaml
@@ -0,0 +1,10 @@
+apiVersion: apiserver.config.k8s.io/v1
+kind: EncryptionConfiguration
+resources:
+ - resources:
+ - secrets
+ providers:
+ - secretbox:
+ keys:
+ - name: key1
+ secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=
diff --git a/test/e2e/testing-manifests/auth/encrypt/kind.yaml b/test/e2e/testing-manifests/auth/encrypt/kind.yaml
new file mode 100644
index 00000000000..0f91fb7c51e
--- /dev/null
+++ b/test/e2e/testing-manifests/auth/encrypt/kind.yaml
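Review bot: The secretbox `secret` in encryption-config.yaml is a committed, predictable value (the base64 decodes to a plain alphanumeric run), and nothing in the file marks it as a fixture. A header comment such as `# Test-only key for e2e kind clusters; never reuse this value for a real cluster.` would keep the file from being copied as a template with the key intact. The subject line says KMSv2, but the only provider configured here is `secretbox`. If that is a placeholder until a KMS v2 plugin is wired in, the same comment should say so, so that readers do not assume the kms provider path is being exercised.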
@@ -0,0 +1,31 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+ extraMounts:
+ - containerPath: /etc/kubernetes/encryption-config.yaml
+ hostPath: test/e2e/testing-manifests/auth/encrypt/encryption-config.yaml
+ readOnly: true
+ propagation: None
+ kubeadmConfigPatches:
+ - |
+ kind: ClusterConfiguration
+ apiServer:
+ extraArgs:
+ encryption-provider-config: "/etc/kubernetes/encryption-config.yaml"
+ v: "5"
+ extraVolumes:
+ - name: encryption-config
+ hostPath: "/etc/kubernetes/encryption-config.yaml"
+ mountPath: "/etc/kubernetes/encryption-config.yaml"
+ readOnly: true
+ pathType: File
+ scheduler:
+ extraArgs:
+ v: "5"
+ controllerManager:
+ extraArgs:
+ v: "5"
+- role: worker
+- role: worker
+- role: worker
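Review bot: The `hostPath` under `extraMounts` in kind.yaml is relative (`test/e2e/testing-manifests/auth/encrypt/encryption-config.yaml`), so the mount presumably resolves only when kind is invoked from the repository root. From any other directory the API server's `pathType: File` volume would have no file to mount, and the control plane would likely fail to start rather than run unencrypted. A comment above `extraMounts` would document the requirement, for example `# hostPath is relative: create the cluster from the repository root`. It would also help to note next to the three `v: "5"` settings that this verbosity is for e2e debugging and is not meant to be carried into a shared cluster config.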