f08a454b45
After enablement of etcd encryption in https://review.opendev.org/628290 for promenade, bootstrap-armada pod should be run with '--experimental-encryption-provider-config' service parameter to avoid issue: 'ERROR: No API token found for service account "airship-ucp-ceph-osd-test"' Change-Id: Ib9bf1fa7333874b2d88db84019b26a2691a7d18a
28 lines
584 B
YAML
28 lines
584 B
YAML
---
|
|
schema: promenade/EncryptionPolicy/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: encryption-policy
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: global
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
- src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: apiserver-encryption-key-key1
|
|
path: .
|
|
dest:
|
|
path: .etcd[0].providers[0].secretbox.keys[0].secret
|
|
data:
|
|
etcd:
|
|
- resources:
|
|
- 'secrets'
|
|
providers:
|
|
- secretbox:
|
|
keys:
|
|
- name: key1
|
|
secret: null
|
|
- identity: {}
|
|
...
|