Merge pull request #47481 from sakshamsharma/encprovenv

Automatic merge from submit-queue

Add encryption provider support via environment variables

These changes are needed to allow cloud providers to use the encryption providers as an alpha feature. The version checks can be done in the respective cloud providers'.

Context: #46460 and #46916

@destijl @jcbsmpsn @smarterclayton
This commit is contained in:
Kubernetes Submit Queue 2017-06-15 20:39:57 -07:00 committed by GitHub
commit 8e1cf60a48

View File

@ -1374,6 +1374,12 @@ function start-kube-apiserver {
container_env="\"env\":[{\"name\": \"KUBE_CACHE_MUTATION_DETECTOR\", \"value\": \"${ENABLE_CACHE_MUTATION_DETECTOR}\"}],"
fi
if [[ -n "${ENCRYPTION_PROVIDER_CONFIG:-}" ]]; then
local encryption_provider_config_path="/etc/srv/kubernetes/encryption-provider-config.yml"
echo "${ENCRYPTION_PROVIDER_CONFIG}" | base64 --decode > "${encryption_provider_config_path}"
params+=" --experimental-encryption-provider-config=${encryption_provider_config_path}"
fi
src_file="${src_dir}/kube-apiserver.manifest"
remove-salt-config-comments "${src_file}"
# Evaluate variables.
@ -1660,7 +1666,7 @@ function start-kube-addons {
if [[ "${NETWORK_POLICY_PROVIDER:-}" == "calico" ]]; then
setup-addon-manifests "addons" "calico-policy-controller"
# Configure Calico based on cluster size and image type.
# Configure Calico based on cluster size and image type.
local -r ds_file="${dst_dir}/calico-policy-controller/calico-node-daemonset.yaml"
local -r typha_dep_file="${dst_dir}/calico-policy-controller/typha-deployment.yaml"
sed -i -e "s@__CALICO_CNI_DIR__@/home/kubernetes/bin@g" "${ds_file}"