github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add configuration options for encryption providers

Browse Source 
Add location transformer, config for transformers

Location transformer helps choose the most specific transformer for
read/write operations depending on the path of resource being accessed.

Configuration allows use of --experimental-encryption-provider-config
to set up encryption providers. Only AEAD is supported at the moment.

Add new files to BUILD, AEAD => k8s-aes-gcm

Use group resources to select encryption provider

Update tests for configuration parsing

Remove location transformer

Allow specifying providers per resource group in configuration

Add IdentityTransformer configuration option

Fix minor issues with initial AEAD implementation

Unified parsing of all configurations

Parse configuration using a union struct

Run configuration parsing in APIserver, refactor parsing

More gdoc, fix minor bugs

Add test coverage for combined transformers

Use table driven tests for encryptionconfig
This commit is contained in:
Saksham Sharma
2017-05-23 17:30:49 -07:00
committed by Saksham Sharma
parent 68dd748ba1
commit 9760d00d08
15 changed files with 552 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hack/.linted_packages
View File

@@ -357,6 +357,7 @@ staging/src/k8s.io/apiserver/pkg/storage/names
staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory
staging/src/k8s.io/apiserver/pkg/storage/storagebackend/factory
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/aes
staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/identity
staging/src/k8s.io/apiserver/pkg/util/flushwriter
staging/src/k8s.io/apiserver/pkg/util/logs
staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook