Closed bernardjkim closed 3 years ago
Just some clean up. It looks like master-docker.mk is unused and is the same as planet.mk
Would you split these out into a separate PR please? I'm all for clean up, but it gives a much cleaner history if orthogonal changes are independent.
Description
These changes allow Kubernetes resources to be encrypted at rest.
aws-encryption-provider binary is now built into Planet. A systemd unit file and an encryption-configuration file are also included. The configuration file can be found under /etc/kubernetes/encryption-configuration.yaml.
Planet now takes flags for:
--encryption-provider
--aws-account-id
--aws-key-id
--aws-key-region
If encryption is enabled, the aws-encryption-provider service is enabled and the kube-apiserver will be configured with the flag --encryption-provider-config=/etc/kubernetes/encryption-configuration.yaml
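For reference, a sketch of what an encryption configuration for a KMS plugin looks like. This is an added example, not the file from this PR: the provider name, socket path, cache size, timeout and the choice of `secrets` as the encrypted resource are assumptions.

```yaml
# Illustrative EncryptionConfiguration for a KMS (v1) plugin.
# Not the file shipped by this PR; values marked "assumed" are placeholders.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets                # assumed: the PR does not list which resources it covers
    providers:
      # The first provider in the list is the one used for writes, so new
      # objects are envelope-encrypted through the plugin's gRPC socket.
      - kms:
          name: aws-encryption-provider                    # assumed provider name
          endpoint: unix:///var/run/kmsplugin/socket.sock  # assumed socket path
          cachesize: 1000                                  # assumed DEK cache size
          timeout: 3s                                      # assumed plugin call timeout
      # identity goes last: it only lets the API server read objects that
      # were stored before encryption was enabled. Listing identity first
      # would cause new writes to be stored in plaintext.
      - identity: {}
```

Objects written before the flag was set stay unencrypted in etcd until they are rewritten through the API server.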