Merge pull request #114163 from ritazh/encryption-godoc

Update the godoc on the encryption config API on how to specify group…

staging/src/k8s.io/apiserver/pkg/apis/config/types.go

@@ -24,7 +24,23 @@ import (
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// EncryptionConfiguration stores the complete configuration for encryption providers.
+/*
+EncryptionConfiguration stores the complete configuration for encryption providers.
+example:
+
+	kind: EncryptionConfiguration
+	apiVersion: apiserver.config.k8s.io/v1
+	resources:
+	- resources:
+	  - secrets
+	  - configmaps
+	  - pandas.awesome.bears.example
+	  providers:
+	  - aescbc:
+	      keys:
+	      - name: key1
+	        secret: c2VjcmV0IGlzIHNlY3VyZQ==
+*/
 type EncryptionConfiguration struct {
 	metav1.TypeMeta
 	// resources is a list containing resources, and their corresponding encryption providers.
@@ -33,7 +49,8 @@ type EncryptionConfiguration struct {
 
 // ResourceConfiguration stores per resource configuration.
 type ResourceConfiguration struct {
-	// resources is a list of kubernetes resources which have to be encrypted.
+	// resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from `resource` or `resource.group` of the group/version/resource.
+	// eg: pandas.awesome.bears.example is a custom resource with 'group': awesome.bears.example, 'resource': pandas)
 	Resources []string
 	// providers is a list of transformers to be used for reading and writing the resources to disk.
 	// eg: aesgcm, aescbc, secretbox, identity.

staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go

@@ -24,7 +24,23 @@ import (
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// EncryptionConfiguration stores the complete configuration for encryption providers.
+/*
+EncryptionConfiguration stores the complete configuration for encryption providers.
+example:
+
+	kind: EncryptionConfiguration
+	apiVersion: apiserver.config.k8s.io/v1
+	resources:
+	- resources:
+	  - secrets
+	  - configmaps
+	  - pandas.awesome.bears.example
+	  providers:
+	  - aescbc:
+	      keys:
+	      - name: key1
+	        secret: c2VjcmV0IGlzIHNlY3VyZQ==
+*/
 type EncryptionConfiguration struct {
 	metav1.TypeMeta
 	// resources is a list containing resources, and their corresponding encryption providers.
@@ -33,7 +49,8 @@ type EncryptionConfiguration struct {
 
 // ResourceConfiguration stores per resource configuration.
 type ResourceConfiguration struct {
-	// resources is a list of kubernetes resources which have to be encrypted.
+	// resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from `resource` or `resource.group` of the group/version/resource.
+	// eg: pandas.awesome.bears.example is a custom resource with 'group': awesome.bears.example, 'resource': pandas)
 	Resources []string `json:"resources"`
 	// providers is a list of transformers to be used for reading and writing the resources to disk.
 	// eg: aesgcm, aescbc, secretbox, identity.