jetstack
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Gopkg.lock‎
Lines changed: 3 additions & 3 deletions b/‎Gopkg.lock‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎Gopkg.toml‎
Lines changed: 1 addition & 1 deletion b/‎Gopkg.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎puppet/modules/kubernetes/manifests/apiserver.pp‎
Lines changed: 1 addition & 0 deletions b/‎puppet/modules/kubernetes/manifests/apiserver.pp‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎puppet/modules/kubernetes/manifests/init.pp‎
Lines changed: 1 addition & 0 deletions b/‎puppet/modules/kubernetes/manifests/init.pp‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎puppet/modules/kubernetes/templates/kube-apiserver.service.erb‎
Lines changed: 3 additions & 0 deletions b/‎puppet/modules/kubernetes/templates/kube-apiserver.service.erb‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎puppet/modules/tarmak/manifests/master.pp‎
Lines changed: 9 additions & 0 deletions b/‎puppet/modules/tarmak/manifests/master.pp‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎puppet/modules/tarmak/spec/acceptance/single_node_spec.rb‎
Lines changed: 0 additions & 2 deletions b/‎puppet/modules/tarmak/spec/acceptance/single_node_spec.rb‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎puppet/modules/tarmak/spec/spec_helper_acceptance.rb‎
Lines changed: 0 additions & 2 deletions b/‎puppet/modules/tarmak/spec/spec_helper_acceptance.rb‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎puppet/modules/vault_client/files/vault-add-hostname.sh‎
Lines changed: 1 addition & 1 deletion b/‎puppet/modules/vault_client/files/vault-add-hostname.sh‎
Lines changed: 1 addition & 1 deletion
@@ -22,7 +22,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 | Vault       |                    | `0.9.5`  |
 | Kubernetes  | `>= 1.7 && < 1.11` | `1.9.7`  |
 | Calico      |                    | `3.1.1`  |
-| Vault Helper|                    | `0.9.7`  |
+| Vault Helper|                    | `0.9.12` |
 | Etcd        |                    | `3.2.17` |
 
 ## [0.3.0]: 0.3.0 - 2018-02-20
 
@@ -48,7 +48,7 @@ required = [
 
 [[constraint]]
   name = "github.com/jetstack/vault-helper"
-  version = "0.9.10"
+  version = "0.9.12"
 
 [[constraint]]
   name = "github.com/cenkalti/backoff"
 
@@ -8,6 +8,7 @@
   $admission_control = undef,
   $count = 1,
   $storage_backend = undef,
+  Optional[String] $encryption_config_file = undef,
   $etcd_nodes = ['localhost'],
   $etcd_port = 2379,
   $etcd_events_port = undef,
 
@@ -105,6 +105,7 @@
     $_service_account_key_file = $service_account_key_file
   }
 
+
   if $cluster_dns == undef {
     $_sir_parts = $service_ip_range_network.split('\.')
     $_cluster_dns = "${_sir_parts[0]}.${_sir_parts[1]}.${_sir_parts[2]}.10"
 
@@ -82,6 +82,9 @@ ExecStart=<%= scope['kubernetes::_dest_dir'] %>/apiserver \
 <%- if scope['kubernetes::_service_account_key_file'] -%>
   --service-account-key-file=<%= scope['kubernetes::_service_account_key_file'] %> \
 <% end -%>
+<%- if @post_1_7 and @encryption_config_file -%>
+  --experimental-encryption-provider-config=<%= @encryption_config_file %> \
+<% end -%>
 <%- if scope.function_versioncmp([scope['kubernetes::version'], '1.9.0']) >= 0 -%>
   --endpoint-reconciler-type=lease \
 <%- else -%>
 
@@ -31,6 +31,14 @@
     uid         => $::tarmak::kubernetes_uid,
   }
 
+  $encryption_config_file = "${::tarmak::kubernetes_config_dir}/encryption-config.yaml"
+  vault_client::secret_service { 'kube-encryption-config-file':
+    field       => 'content',
+    secret_path => "${::tarmak::cluster_name}/secrets/encryption-config",
+    dest_path   => $encryption_config_file,
+    uid         => $::tarmak::kubernetes_uid,
+  }
+
   $controller_manager_base_path = "${::tarmak::kubernetes_ssl_dir}/kube-controller-manager"
   vault_client::cert_service { 'kube-controller-manager':
     base_path   => $controller_manager_base_path,
@@ -132,6 +140,7 @@
       requestheader_client_ca_file => $requestheader_client_ca_file,
       proxy_client_cert_file       => $proxy_client_cert_file ,
       proxy_client_key_file        => $proxy_client_key_file,
+      encryption_config_file       => $encryption_config_file,
   }
 
   class { 'kubernetes::controller_manager':
 
@@ -40,8 +40,6 @@
   kubernetes_version            => '#{kubernetes_version}',
   kubernetes_authorization_mode => #{kubernetes_authorization_mode},
 }
-
-
 "
     end
 
 
@@ -34,8 +34,6 @@
 
       # install myself
       install_dev_puppet_module_on(host, :source => module_root, :module_name => 'tarmak', :target_module_path => $module_path)
-
-
     end
   end
 end
@@ -5,4 +5,4 @@ set -ex
 export VAULT_ADDR=http://127.0.0.1:8200
 export VAULT_TOKEN=root-token-dev
 
-vault read -format=json test/pki/k8s/roles/kubelet | python -c "import socket, sys, json; v=json.load(sys.stdin); v=v['data']; k='allowed_domains'; d=v[k].split(','); d.append(socket.gethostname()); v[k] = ','.join(list(set(d))); print json.dumps(v)" | vault write test/pki/k8s/roles/kubelet -
+vault read -format=json test/pki/k8s/roles/kubelet | python -c "import socket, sys, json; v=json.load(sys.stdin); v=v['data']; k='allowed_domains'; d=v[k]; d.append(socket.gethostname()); v[k] = ','.join(list(set(d))); print json.dumps(v)" | vault write test/pki/k8s/roles/kubelet -
Original file line number	Diff line number	Diff line change
`@@ -105,6 +105,7 @@`
`105`	`105`	`$_service_account_key_file = $service_account_key_file`
`106`	`106`	`}`
`107`	`107`
	`108`	`+`
`108`	`109`	`if $cluster_dns == undef {`
`109`	`110`	`$_sir_parts = $service_ip_range_network.split('\.')`
`110`	`111`	`$_cluster_dns = "${_sir_parts[0]}.${_sir_parts[1]}.${_sir_parts[2]}.10"`
Original file line number	Diff line number	Diff line change
`@@ -40,8 +40,6 @@`
`40`	`40`	`kubernetes_version => '#{kubernetes_version}',`
`41`	`41`	`kubernetes_authorization_mode => #{kubernetes_authorization_mode},`
`42`	`42`	`}`
`43`		`-`
`44`		`-`
`45`	`43`	`"`
`46`	`44`	`end`
`47`	`45`