github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Update the godoc on the encryption config API on how to specify group/resources to be encrypted

Browse Source 
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
This commit is contained in:
Rita Zhang 2022-11-28 07:18:02 -08:00
parent 7061704297
commit c085031a8f
No known key found for this signature in database
GPG Key ID: 0B1D9C98A2BFE852
2 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
staging/src/k8s.io/apiserver/pkg/apis/config/types.go
View File

@ -24,7 +24,23 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EncryptionConfiguration stores the complete configuration for encryption providers. /*
EncryptionConfiguration stores the complete configuration for encryption providers.
example:
kind: EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1
resources:
- resources:
- secrets
- configmaps
- pandas.awesome.bears.example
providers:
- aescbc:
keys:
- name: key1
secret: c2VjcmV0IGlzIHNlY3VyZQ==
*/
type EncryptionConfiguration struct { type EncryptionConfiguration struct {
metav1.TypeMeta metav1.TypeMeta
// resources is a list containing resources, and their corresponding encryption providers. // resources is a list containing resources, and their corresponding encryption providers.
@ -33,7 +49,8 @@ type EncryptionConfiguration struct {
// ResourceConfiguration stores per resource configuration. // ResourceConfiguration stores per resource configuration.
type ResourceConfiguration struct { type ResourceConfiguration struct {
// resources is a list of kubernetes resources which have to be encrypted. // resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from `resource` or `resource.group` of the group/version/resource.
// eg: pandas.awesome.bears.example is a custom resource with 'group': awesome.bears.example, 'resource': pandas)
Resources []string Resources []string
// providers is a list of transformers to be used for reading and writing the resources to disk. // providers is a list of transformers to be used for reading and writing the resources to disk.
// eg: aesgcm, aescbc, secretbox, identity. // eg: aesgcm, aescbc, secretbox, identity.

21
staging/src/k8s.io/apiserver/pkg/apis/config/v1/types.go
View File

@ -24,7 +24,23 @@ import (
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EncryptionConfiguration stores the complete configuration for encryption providers. /*
EncryptionConfiguration stores the complete configuration for encryption providers.
example:
kind: EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1
resources:
- resources:
- secrets
- configmaps
- pandas.awesome.bears.example
providers:
- aescbc:
keys:
- name: key1
secret: c2VjcmV0IGlzIHNlY3VyZQ==
*/
type EncryptionConfiguration struct { type EncryptionConfiguration struct {
metav1.TypeMeta metav1.TypeMeta
// resources is a list containing resources, and their corresponding encryption providers. // resources is a list containing resources, and their corresponding encryption providers.
@ -33,7 +49,8 @@ type EncryptionConfiguration struct {
// ResourceConfiguration stores per resource configuration. // ResourceConfiguration stores per resource configuration.
type ResourceConfiguration struct { type ResourceConfiguration struct {
// resources is a list of kubernetes resources which have to be encrypted. // resources is a list of kubernetes resources which have to be encrypted. The resource names are derived from `resource` or `resource.group` of the group/version/resource.
// eg: pandas.awesome.bears.example is a custom resource with 'group': awesome.bears.example, 'resource': pandas)
Resources []string `json:"resources"` Resources []string `json:"resources"`
// providers is a list of transformers to be used for reading and writing the resources to disk. // providers is a list of transformers to be used for reading and writing the resources to disk.
// eg: aesgcm, aescbc, secretbox, identity. // eg: aesgcm, aescbc, secretbox, identity.