github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 10:51:29 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #99196 from yue9944882/feat/aa-server-encryption

Browse Source 
Support storage encryption for aggregation server
This commit is contained in:
Kubernetes Prow Robot 2021-02-24 00:38:50 -08:00 committed by GitHub
commit c78f67a005
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
staging/src/k8s.io/apiserver/pkg/server/options/BUILD
View File

@ -68,6 +68,7 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/server/storage:go_default_library", "//staging/src/k8s.io/apiserver/pkg/server/storage:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library", "//staging/src/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory:go_default_library", "//staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/storage/value:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library", "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/flowcontrol:go_default_library", "//staging/src/k8s.io/apiserver/pkg/util/flowcontrol:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library", "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",

23
staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
View File

@ -35,6 +35,7 @@ import (
serverstorage "k8s.io/apiserver/pkg/server/storage" serverstorage "k8s.io/apiserver/pkg/server/storage"
"k8s.io/apiserver/pkg/storage/storagebackend" "k8s.io/apiserver/pkg/storage/storagebackend"
storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory" storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory"
"k8s.io/apiserver/pkg/storage/value"
"k8s.io/klog/v2" "k8s.io/klog/v2"
) )
@ -196,7 +197,19 @@ func (s *EtcdOptions) ApplyTo(c *server.Config) error {
if err := s.addEtcdHealthEndpoint(c); err != nil { if err := s.addEtcdHealthEndpoint(c); err != nil {
return err return err
} }
c.RESTOptionsGetter = &SimpleRestOptionsFactory{Options: *s} transformerOverrides := make(map[schema.GroupResource]value.Transformer)
if len(s.EncryptionProviderConfigFilepath) > 0 {
var err error
transformerOverrides, err = encryptionconfig.GetTransformerOverrides(s.EncryptionProviderConfigFilepath)
if err != nil {
return err
}
}
c.RESTOptionsGetter = &SimpleRestOptionsFactory{
Options: *s,
TransformerOverrides: transformerOverrides,
}
return nil return nil
} }
@ -229,7 +242,8 @@ func (s *EtcdOptions) addEtcdHealthEndpoint(c *server.Config) error {
} }
type SimpleRestOptionsFactory struct { type SimpleRestOptionsFactory struct {
Options EtcdOptions Options EtcdOptions
TransformerOverrides map[schema.GroupResource]value.Transformer
} }
func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error) { func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error) {
@ -241,6 +255,11 @@ func (f *SimpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource)
ResourcePrefix: resource.Group + "/" + resource.Resource, ResourcePrefix: resource.Group + "/" + resource.Resource,
CountMetricPollPeriod: f.Options.StorageConfig.CountMetricPollPeriod, CountMetricPollPeriod: f.Options.StorageConfig.CountMetricPollPeriod,
} }
if f.TransformerOverrides != nil {
if transformer, ok := f.TransformerOverrides[resource]; ok {
ret.StorageConfig.Transformer = transformer
}
}
if f.Options.EnableWatchCache { if f.Options.EnableWatchCache {
sizes, err := ParseWatchCacheSizes(f.Options.WatchCacheSizes) sizes, err := ParseWatchCacheSizes(f.Options.WatchCacheSizes)
if err != nil { if err != nil {