
After etcd encryption was enabled for promenade in https://review.opendev.org/628290, the bootstrap-armada pod should be run with the '--experimental-encryption-provider-config' service parameter to avoid the error: 'ERROR: No API token found for service account "airship-ucp-ceph-osd-test"'.
Change-Id: Ib9bf1fa7333874b2d88db84019b26a2691a7d18a
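---
# Deckhand DataSchema for promenade/EncryptionPolicy/v1 documents.
# The JSON Schema under `data` validates two things: the etcd encryption
# entries (`etcd`) and the encryption method chosen for the genesis and
# join scripts (`scripts`).
schema: deckhand/DataSchema/v1
metadata:
  schema: metadata/Control/v1
  name: promenade/EncryptionPolicy/v1
  labels:
    application: promenade
data:
  $schema: http://json-schema.org/schema#

  definitions:
    # Encryption method for a generated script. Only gpg is defined.
    # JSON Schema keywords are case-sensitive: the previous spelling
    # `oneof` is an unknown keyword, which validators ignore, so any value
    # (including a mistyped method name) passed validation. `oneOf` makes
    # the restriction below take effect.
    script_encryption:
      oneOf:
        - $ref: '#/definitions/encryption_method_gpg'

    # List of entries, each naming the resources to encrypt and the
    # providers to use.
    # NOTE(review): presumably mirrors the kube-apiserver encryption
    # provider configuration (resources/providers) - confirm.
    etcd_encryption:
      type: array
      items:
        type: object
        additionalProperties: false
        properties:
          resources:
            type: array
            items:
              type: string
          providers:
            type: array
            items:
              type: object
              # Provider entries are only checked to be objects; their
              # keys and values are not validated here, so a misspelled
              # provider or key field is not caught by this schema.
              # NOTE(review): consider tightening if the set is known.
              additionalProperties: true

    # An object holding exactly one key, `gpg`, whose value is an empty
    # object.
    # NOTE(review): there is no `type: object` here, so non-object values
    # are not rejected by these keywords - consider adding it.
    encryption_method_gpg:
      properties:
        gpg:
          type: object
          additionalProperties: false
      required:
        - gpg
      additionalProperties: false

  properties:
    etcd:
      $ref: '#/definitions/etcd_encryption'
    scripts:
      properties:
        genesis:
          $ref: '#/definitions/script_encryption'
        join:
          $ref: '#/definitions/script_encryption'
  # Reject unknown top-level keys beside `etcd` and `scripts`.
  additionalProperties: false
...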