From dcf4821cd4c798aa08e6b31c5474717c7164945a Mon Sep 17 00:00:00 2001
From: yue9944882 <291271447@qq.com>
Date: Thu, 18 Feb 2021 19:10:50 +0800
Subject: [PATCH] support storage encryption for aa server

---
 .../k8s.io/apiserver/pkg/server/options/BUILD |  1 +
 .../apiserver/pkg/server/options/etcd.go      | 23 +++++++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
index bd4fcd1ff72..25cc40c3da0 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
@@ -68,6 +68,7 @@ go_library(
         "//staging/src/k8s.io/apiserver/pkg/server/storage:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/storage/value:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/util/flowcontrol:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go b/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
index c0c61aaf212..d8b45b8198f 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
@@ -35,6 +35,7 @@ import (
 	serverstorage "k8s.io/apiserver/pkg/server/storage"
 	"k8s.io/apiserver/pkg/storage/storagebackend"
 	storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory"
+	"k8s.io/apiserver/pkg/storage/value"
 	"k8s.io/klog/v2"
 )
 
@@ -196,7 +197,19 @@ func (s *EtcdOptions) ApplyTo(c *server.Config) error {
 	if err := s.addEtcdHealthEndpoint(c); err != nil {
 		return err
 	}
-	c.RESTOptionsGetter = &SimpleRestOptionsFactory{Options: *s}
+	transformerOverrides := make(map[schema.GroupResource]value.Transformer)
+	if len(s.EncryptionProviderConfigFilepath) > 0 {
+		var err error
+		transformerOverrides, err = encryptionconfig.GetTransformerOverrides(s.EncryptionProviderConfigFilepath)
+		if err != nil {
+			return err
+		}
+	}
+
+	c.RESTOptionsGetter = &SimpleRestOptionsFactory{
+		Options:              *s,
+		TransformerOverrides: transformerOverrides,
+	}
 	return nil
 }
 
@@ -229,7 +242,8 @@ func (s *EtcdOptions) addEtcdHealthEndpoint(c *server.Config) error {
 }
 
 type SimpleRestOptionsFactory struct {
-	Options EtcdOptions
+	Options              EtcdOptions
+	TransformerOverrides map[schema.GroupResource]value.Transformer
 }
 
 func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error) {
@@ -241,6 +255,11 @@ func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource)
 		ResourcePrefix:          resource.Group + "/" + resource.Resource,
 		CountMetricPollPeriod:   f.Options.StorageConfig.CountMetricPollPeriod,
 	}
+	if f.TransformerOverrides != nil {
+		if transformer, ok := f.TransformerOverrides[resource]; ok {
+			ret.StorageConfig.Transformer = transformer
+		}
+	}
 	if f.Options.EnableWatchCache {
 		sizes, err := ParseWatchCacheSizes(f.Options.WatchCacheSizes)
 		if err != nil {