f893cddfba
Automatic merge from submit-queue (batch tested with PRs 46550, 46663, 46816, 46820, 46460)
Add configuration for encryption providers
## Additions
Allows providing a configuration file (using flag `--experimental-encryption-provider-config`) to use the existing AEAD transformer (with multiple keys) by composing mutable transformer, prefix transformer (for parsing providerId), another prefix transformer (for parsing keyId), and AES-GCM transformers (one for each key). Multiple providers can be configured using the configuration file.
Example configuration:
```
kind: EncryptionConfig
apiVersion: v1
resources:
- resources:
- namespaces
providers:
- aes:
keys:
- name: key1
secret: c2vjcmv0iglzihnly3vyzq==
- name: key2
secret: dghpcybpcybwyxnzd29yza==
- identity: {}
```
Need for configuration discussed in:
#41939
[Encryption](
|
||
|---|---|---|
| .. | ||
| src/k8s.io | ||
| OWNERS | ||
| README.md | ||
| copy.sh | ||
| godeps-json-updater.go | ||
| prime-apimachinery.sh | ||
README.md
This directory is the staging area for packages that have been split to their own repository. The content here will be periodically published to respective top-level k8s.io repositories.
Most code in the staging/ directory is authoritative, i.e. the only copy of
the code. You can directly modify such code. However the packages in
staging/src/k8s.io/client-go/pkg are copied from pkg/. If you modify the
original code in pkg/, you need to run hack/godep-restore.sh from the k8s
root directory, followed by hack/update-staging-client-go.sh. We are working
towards making all code in staging/ authoritative.
The vendor/k8s.io directory contains symlinks pointing to this staging area,
so to use a package in the staging area, you can import it as
k8s.io/<package-name>, as if the package were vendored. Packages will be
vendored from k8s.io/<package-name> for real after the test matrix is
converted to vendor k8s components.