From c085031a8f3f366708f9b7aa7ab1695d802d9f5a Mon Sep 17 00:00:00 2001
From: Rita Zhang
Date: Mon, 28 Nov 2022 07:18:02 -0800
Subject: [PATCH] Update the godoc on the encryption config API on how to specify group/resources to be encrypted
Signed-off-by: Rita Zhang
---
 .../k8s.io/apiserver/pkg/apis/config/types.go | 21 +++++++++++++++++--
 .../apiserver/pkg/apis/config/v1/types.go | 21 +++++++++++++++++--
 2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/staging/src/k8s.io/apiserver/pkg/apis/config/types.go b/staging/src/k8s.io/apiserver/pkg/apis/config/types.go
index 72107fe6634..e81f34573bf 100644
--- a/staging/src/k8s.io/apiserver/pkg/apis/config/types.go
+++ b/staging/src/k8s.io/apiserver/pkg/apis/config/types.go
@@ -24,7 +24,23 @@ import (
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// EncryptionConfiguration stores the complete configuration for encryption providers.
+/*
+EncryptionConfiguration stores the complete configuration for encryption providers.
+example:
+
+ kind: EncryptionConfiguration
+ apiVersion: apiserver.config.k8s.io/v1
+ resources:
+ - resources:
+ - secrets
+ - configmaps
+ - pandas.awesome.bears.example
+ providers:
+ - aescbc:
+ keys:
+ - name: key1
+ secret: c2VjcmV0IGlzIHNlY3VyZQ==
+*/
 type EncryptionConfiguration struct {
 metav1.TypeMeta
 // resources is a list containing resources, and their corresponding encryption providers.
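Review bot: The example in the new EncryptionConfiguration godoc carries a literal key, `secret: c2VjcmV0IGlzIHNlY3VyZQ==`, which base64-decodes to a readable ASCII phrase rather than random key material. API-reference examples tend to be pasted into real configs, and a key published in the godoc protects nothing at rest. I would write `secret: <BASE64_ENCODED_SECRET>` and add one comment line saying the key must be generated randomly for each cluster and kept out of source control. The same example is added to config/v1/types.go in this patch and needs the same change.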
@@ -33,7 +49,8 @@ type EncryptionConfiguration struct {
 // ResourceConfiguration stores per resource configuration.
 type ResourceConfiguration struct {
- // resources is a list of kubernetes resources which have to be encrypted.
+ // resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from `resource` or `resource.group` of the group/version/resource.
+ // eg: pandas.awesome.bears.example is a custom resource with 'group': awesome.bears.example, 'resource': pandas)
 Resources []string
 // providers is a list of transformers to be used for reading and writing the resources to disk.
 // eg: aesgcm, aescbc, secretbox, identity.
diff --git a/staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go b/staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go
index 23dab942ea3..522fe3167cb 100644
--- a/staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go
+++ b/staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go
@@ -24,7 +24,23 @@ import (
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// EncryptionConfiguration stores the complete configuration for encryption providers.
+/*
+EncryptionConfiguration stores the complete configuration for encryption providers.
+example:
+
+ kind: EncryptionConfiguration
+ apiVersion: apiserver.config.k8s.io/v1
+ resources:
+ - resources:
+ - secrets
+ - configmaps
+ - pandas.awesome.bears.example
+ providers:
+ - aescbc:
+ keys:
+ - name: key1
+ secret: c2VjcmV0IGlzIHNlY3VyZQ==
+*/
 type EncryptionConfiguration struct {
 metav1.TypeMeta
 // resources is a list containing resources, and their corresponding encryption providers.
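Review bot: In the ResourceConfiguration hunk of config/types.go, the second added comment line on `Resources` ends with an unmatched `)`, and the naming rule is loose enough that an operator could list a name that matches no resource. Whether such an entry is rejected is not visible in this hunk; if it is accepted silently, that resource would be stored unencrypted, so the rule is worth stating exactly. I would write `// Each entry is "resource" for the core group or "resource.group" for any other group.` and close the example as `// e.g. pandas.awesome.bears.example is the custom resource pandas in group awesome.bears.example.` The struct body continues outside the hunk, and the identical comment in the config/v1/types.go hunk needs the same edit.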
@@ -33,7 +49,8 @@ type EncryptionConfiguration struct {
 // ResourceConfiguration stores per resource configuration.
 type ResourceConfiguration struct {
- // resources is a list of kubernetes resources which have to be encrypted.
+ // resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from `resource` or `resource.group` of the group/version/resource.
+ // eg: pandas.awesome.bears.example is a custom resource with 'group': awesome.bears.example, 'resource': pandas)
 Resources []string `json:"resources"`
 // providers is a list of transformers to be used for reading and writing the resources to disk.
 // eg: aesgcm, aescbc, secretbox, identity.