Copy encryption provider config file to second controller

kube-apiserver encryption provider config file is generated by ansible bootstrap on the first controller and stored in the shared fs. It is then copied over to the second controller. When kube-apiserver pod starts it will take this configuration file as its encryption provider configuration. Change-Id: Ibfcfb13c8a6685e38a1043acd7ec752ea116911c Story: 2007243 Task: 38627 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2020-02-04 15:42:20 -05:00 · 2020-02-04 15:42:20 -05:00 · 29f38ce637
parent 6146360816
commit 29f38ce637
1 changed files with 12 additions and 0 deletions
--- a/controllerconfig/controllerconfig/scripts/controller_config
+++ b/controllerconfig/controllerconfig/scripts/controller_config
@ -344,6 +344,18 @@ start()
        fi
    fi

+    # Copy over kube api server encryption provider config
+    if [ -e $CONFIG_DIR/kubernetes/encryption-provider.yaml ]
+    then
+        cp $CONFIG_DIR/kubernetes/encryption-provider.yaml /etc/kubernetes/
+        if [ $? -ne 0 ]
+        then
+            fatal_error "Unable to copy kube api server encryption provider config file"
+        else
+            chmod 600 /etc/kubernetes/encryption-provider.yaml
+        fi
+    fi
+
    # Keep the /opt/branding directory to preserve any new files
    rm -rf /opt/branding/*.tgz
    cp $CONFIG_DIR/branding/*.tgz /opt/branding 2>/dev/null