From dcf4821cd4c798aa08e6b31c5474717c7164945a Mon Sep 17 00:00:00 2001
From: yue9944882 <291271447@qq.com>
Date: Thu, 18 Feb 2021 19:10:50 +0800
Subject: [PATCH] support storage encryption for aa server

---
 .../k8s.io/apiserver/pkg/server/options/BUILD | 1 +
 .../apiserver/pkg/server/options/etcd.go | 23 +++++++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
index bd4fcd1ff72..25cc40c3da0 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD
@@ -68,6 +68,7 @@ go_library(
 "//staging/src/k8s.io/apiserver/pkg/server/storage:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory:go_default_library",
+ "//staging/src/k8s.io/apiserver/pkg/storage/value:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/util/flowcontrol:go_default_library",
 "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go b/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
index c0c61aaf212..d8b45b8198f 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
@@ -35,6 +35,7 @@ import (
 serverstorage "k8s.io/apiserver/pkg/server/storage"
 "k8s.io/apiserver/pkg/storage/storagebackend"
 storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory"
+ "k8s.io/apiserver/pkg/storage/value"
 "k8s.io/klog/v2"
 )
 
@@ -196,7 +197,19 @@ func (s *EtcdOptions) ApplyTo(c *server.Config) error {
 if err := s.addEtcdHealthEndpoint(c); err != nil {
 return err
 }
- c.RESTOptionsGetter = &SimpleRestOptionsFactory{Options: *s}
+ transformerOverrides := make(map[schema.GroupResource]value.Transformer)
+ if len(s.EncryptionProviderConfigFilepath) > 0 {
+ var err error
+ transformerOverrides, err = encryptionconfig.GetTransformerOverrides(s.EncryptionProviderConfigFilepath)
+ if err != nil {
+ return err
+ }
+ }
+
+ c.RESTOptionsGetter = &SimpleRestOptionsFactory{
+ Options: *s,
+ TransformerOverrides: transformerOverrides,
+ }
 return nil
 }
 
@@ -229,7 +242,8 @@ func (s *EtcdOptions) addEtcdHealthEndpoint(c *server.Config) error {
 }
 
 type SimpleRestOptionsFactory struct {
- Options EtcdOptions
+ Options EtcdOptions
+ TransformerOverrides map[schema.GroupResource]value.Transformer
 }
 
 func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error) {
@@ -241,6 +255,11 @@ func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource)
 ResourcePrefix: resource.Group + "/" + resource.Resource,
 CountMetricPollPeriod: f.Options.StorageConfig.CountMetricPollPeriod,
 }
+ if f.TransformerOverrides != nil {
+ if transformer, ok := f.TransformerOverrides[resource]; ok {
+ ret.StorageConfig.Transformer = transformer
+ }
+ }
 if f.Options.EnableWatchCache {
 sizes, err := ParseWatchCacheSizes(f.Options.WatchCacheSizes)
 if err != nil {
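Review bot: In `ApplyTo`, the error from `encryptionconfig.GetTransformerOverrides` is returned bare, so a server that refuses to start over a bad encryption config gives the operator no hint which file was at fault. Wrapping it keeps the fail-closed behaviour and names the input: `return fmt.Errorf("loading encryption provider config %q: %w", s.EncryptionProviderConfigFilepath, err)`, assuming `fmt` is already imported in etcd.go (the import block is only partly visible). The up-front `make(...)` is also unnecessary, since a nil map can be stored and indexed safely; `var transformerOverrides map[schema.GroupResource]value.Transformer` would do.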
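Review bot: The new exported field `TransformerOverrides` on `SimpleRestOptionsFactory` has no doc comment, and its contract matters for encryption at rest. Going by the lookup added to `GetRESTOptions`, a resource with no entry keeps whatever transformer `Options.StorageConfig` already carries. I would add `// TransformerOverrides maps a resource to the value.Transformer used for its storage; resources without an entry keep the transformer from Options.StorageConfig.` above the field, so callers that build this struct by hand know an absent key means no override.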
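Review bot: `ret.StorageConfig.Transformer = transformer` in `GetRESTOptions` may write through to state shared by every resource. The literal that builds `ret` starts above the hunk, so this is inferred: if `ret.StorageConfig` is a pointer to `f.Options.StorageConfig`, the assignment changes the factory's own config, and a resource looked up later with no override would inherit the previous resource's transformer instead of the default. Copying before the write avoids that: `cfg := *ret.StorageConfig; cfg.Transformer = transformer; ret.StorageConfig = &cfg`. The outer `if f.TransformerOverrides != nil` can go as well, because indexing a nil map simply yields `ok == false`. A test that calls `GetRESTOptions` for an overridden resource and then for one without an override would pin this behaviour down.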