Add encryption provider support via env variables

2025-07-30 15:05:27 +00:00 · 2017-06-13 15:04:04 -07:00 · 2017-06-13 15:04:04 -07:00 · a50114ac02
commit a50114ac02
parent 7560142e27
1 changed files with 7 additions and 1 deletions
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@ -1393,6 +1393,12 @@ function start-kube-apiserver {
    container_env="\"env\":[{\"name\": \"KUBE_CACHE_MUTATION_DETECTOR\", \"value\": \"${ENABLE_CACHE_MUTATION_DETECTOR}\"}],"
  fi

+  if [[ -n "${ENCRYPTION_PROVIDER_CONFIG:-}" ]]; then
+    local encryption_provider_config_path="/etc/srv/kubernetes/encryption-provider-config.yml"
+    echo "${ENCRYPTION_PROVIDER_CONFIG}" | base64 --decode > "${encryption_provider_config_path}"
+    params+=" --experimental-encryption-provider-config=${encryption_provider_config_path}"
+  fi
+
  src_file="${src_dir}/kube-apiserver.manifest"
  remove-salt-config-comments "${src_file}"
  # Evaluate variables.
@ -1679,7 +1685,7 @@ function start-kube-addons {
  if [[ "${NETWORK_POLICY_PROVIDER:-}" == "calico" ]]; then
    setup-addon-manifests "addons" "calico-policy-controller"

-    # Configure Calico based on cluster size and image type. 
+    # Configure Calico based on cluster size and image type.
    local -r ds_file="${dst_dir}/calico-policy-controller/calico-node-daemonset.yaml"
    local -r typha_dep_file="${dst_dir}/calico-policy-controller/typha-deployment.yaml"
    sed -i -e "s@__CALICO_CNI_DIR__@/home/kubernetes/bin@g" "${ds_file}"