diff options
| author | OpenShift Bot <eparis+openshiftbot@redhat.com> | 2017-07-17 16:04:11 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-07-17 16:04:11 -0400 |
| commit | 69d3800c55bd6b8bdca40d93030b3bfb794fee15 (patch) | |
| tree | cb5568d0dd8c1d52467595cef468134c34605110 | |
| parent | da7551b82fc37a77181a8c9aa9b82060b7101c5f (diff) | |
| parent | 09e74fa8f619038ea06723392ce0d620ffbc6d3a (diff) | |
| download | openshift-69d3800c55bd6b8bdca40d93030b3bfb794fee15.tar.gz openshift-69d3800c55bd6b8bdca40d93030b3bfb794fee15.tar.bz2 openshift-69d3800c55bd6b8bdca40d93030b3bfb794fee15.tar.xz openshift-69d3800c55bd6b8bdca40d93030b3bfb794fee15.zip | |
Merge pull request #4594 from kwoodson/encryption
Merged by openshift-bot
| -rw-r--r-- | inventory/byo/hosts.origin.example | 7 | ||||
| -rw-r--r-- | inventory/byo/hosts.ose.example | 7 | ||||
| -rw-r--r-- | roles/openshift_hosted/templates/registry_config.j2 | 5 |
3 files changed, 18 insertions, 1 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index e6bc6c829..5cad2eef7 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -468,6 +468,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # S3 bucket must already exist. #openshift_hosted_registry_storage_kind=object #openshift_hosted_registry_storage_provider=s3 +#openshift_hosted_registry_storage_s3_encrypt=false +#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id #openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id #openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key #openshift_hosted_registry_storage_s3_bucket=bucket_name @@ -552,6 +554,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure the prefix and version for the component images #openshift_hosted_metrics_deployer_prefix=docker.io/openshift/origin- #openshift_hosted_metrics_deployer_version=3.6.0 +# +# StorageClass +# openshift_storageclass_name=gp2 +# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': false} +# # Logging deployment # diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 928da40fa..c330afd14 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -468,6 +468,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # S3 bucket must already exist. #openshift_hosted_registry_storage_kind=object #openshift_hosted_registry_storage_provider=s3 +#openshift_hosted_registry_storage_s3_encrypt=false +#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id #openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id #openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key #openshift_hosted_registry_storage_s3_bucket=bucket_name @@ -552,6 +554,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure the prefix and version for the component images #openshift_hosted_metrics_deployer_prefix=registry.example.com:8888/openshift3/ #openshift_hosted_metrics_deployer_version=3.6.0 +# +# StorageClass +# openshift_storageclass_name=gp2 +# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': false} +# # Logging deployment # diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 index dc8a9f089..9673841bf 100644 --- a/roles/openshift_hosted/templates/registry_config.j2 +++ b/roles/openshift_hosted/templates/registry_config.j2 @@ -21,7 +21,10 @@ storage: regionendpoint: {{ openshift_hosted_registry_storage_s3_regionendpoint }} {% endif %} bucket: {{ openshift_hosted_registry_storage_s3_bucket }} - encrypt: false + encrypt: {{ openshift_hosted_registry_storage_s3_encrypt | default(false) }} +{% if openshift_hosted_registry_storage_s3_kmskeyid %} + keyid: {{ openshift_hosted_registry_storage_s3_kmskeyid }} +{% endif %} secure: true v4auth: true rootdirectory: {{ openshift_hosted_registry_storage_s3_rootdirectory | default('/registry') }} |