From ddc8db7956cbf68afb1bb49401827e9b55ab139f Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 11 Jan 2020 03:35:03 +0100
Subject: kubernetes: new/updated kubeadm master role (WIP)

---
 .../kubeadm/master/templates/encryption-config.j2           | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 roles/kubernetes/kubeadm/master/templates/encryption-config.j2

(limited to 'roles/kubernetes/kubeadm/master/templates/encryption-config.j2')

diff --git a/roles/kubernetes/kubeadm/master/templates/encryption-config.j2 b/roles/kubernetes/kubeadm/master/templates/encryption-config.j2
new file mode 100644
index 00000000..a69ae84b
--- /dev/null
+++ b/roles/kubernetes/kubeadm/master/templates/encryption-config.j2
@@ -0,0 +1,13 @@
+kind: EncryptionConfiguration
+apiVersion: apiserver.config.k8s.io/v1
+resources:
+  - resources:
+    - secrets
+    providers:
+    - secretbox:
+        keys:
+{% for key in kubernetes.encryption_config_keys %}
+        - name: key{{ loop.index }}
+          secret: {{ key }}
+{% endfor %}
+    - identity: {}
-- 
cgit v1.2.3