From a53531e629301f733b406160d04ef6a4964e7891 Mon Sep 17 00:00:00 2001 From: Slava Semushin Date: Thu, 22 Jun 2017 18:46:25 +0200 Subject: [PATCH] Get encryption configuration from a config and apply resource transformers. --- pkg/cmd/server/kubernetes/master/master_config.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/pkg/cmd/server/kubernetes/master/master_config.go b/pkg/cmd/server/kubernetes/master/master_config.go index eebd7ad1b917..910c35e25088 100644 --- a/pkg/cmd/server/kubernetes/master/master_config.go +++ b/pkg/cmd/server/kubernetes/master/master_config.go @@ -36,6 +36,7 @@ import ( kgenericfilters "k8s.io/apiserver/pkg/server/filters" apiserveroptions "k8s.io/apiserver/pkg/server/options" genericoptions "k8s.io/apiserver/pkg/server/options" + "k8s.io/apiserver/pkg/server/options/encryptionconfig" apiserverstorage "k8s.io/apiserver/pkg/server/storage" "k8s.io/apiserver/pkg/storage" storagefactory "k8s.io/apiserver/pkg/storage/storagebackend/factory" @@ -216,6 +217,17 @@ func BuildStorageFactory(masterConfig configapi.MasterConfig, server *kapiserver // keep Deployments in extensions for backwards compatibility, we'll have to migrate at some point, eventually storageFactory.AddCohabitatingResources(extensions.Resource("deployments"), apps.Resource("deployments")) + if server.Etcd.EncryptionProviderConfigFilepath != "" { + glog.V(4).Infof("Reading encryption configuration from %q", server.Etcd.EncryptionProviderConfigFilepath) + transformerOverrides, err := encryptionconfig.GetTransformerOverrides(server.Etcd.EncryptionProviderConfigFilepath) + if err != nil { + return nil, err + } + for groupResource, transformer := range transformerOverrides { + storageFactory.SetTransformer(groupResource, transformer) + } + } + return storageFactory, nil }