
Merge pull request #4594 from kwoodson/encryption

Merged by openshift-bot
OpenShift Bot 7 tahun lalu
induk
melakukan
69d3800c55

+ 7 - 0
inventory/byo/hosts.origin.example

@@ -468,6 +468,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # S3 bucket must already exist.
 #openshift_hosted_registry_storage_kind=object
 #openshift_hosted_registry_storage_provider=s3
+#openshift_hosted_registry_storage_s3_encrypt=false
+#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id
 #openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id
 #openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key
 #openshift_hosted_registry_storage_s3_bucket=bucket_name
@@ -552,6 +554,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # Configure the prefix and version for the component images
 #openshift_hosted_metrics_deployer_prefix=docker.io/openshift/origin-
 #openshift_hosted_metrics_deployer_version=3.6.0
+#
+# StorageClass
+# openshift_storageclass_name=gp2
+# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': false}
+#
 
 # Logging deployment
 #
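Review bot: The two new S3 lines in the first hunk (`..._s3_encrypt` and `..._s3_kmskeyid`) carry no comment saying that they depend on each other. In the registry's S3 storage driver the KMS key id is only honoured when `encrypt` is true, so an operator who uncomments just the `kmskeyid` line still ends up with unencrypted objects. A comment above the pair would make that explicit, e.g. `# Server-side encryption: set s3_encrypt=true; s3_kmskeyid is optional and ignored unless s3_encrypt is true.` The same applies to the identical hunk in inventory/byo/hosts.ose.example.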

+ 7 - 0
inventory/byo/hosts.ose.example

@@ -468,6 +468,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # S3 bucket must already exist.
 #openshift_hosted_registry_storage_kind=object
 #openshift_hosted_registry_storage_provider=s3
+#openshift_hosted_registry_storage_s3_encrypt=false
+#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id
 #openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id
 #openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key
 #openshift_hosted_registry_storage_s3_bucket=bucket_name
@@ -552,6 +554,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # Configure the prefix and version for the component images
 #openshift_hosted_metrics_deployer_prefix=registry.example.com:8888/openshift3/
 #openshift_hosted_metrics_deployer_version=3.6.0
+#
+# StorageClass
+# openshift_storageclass_name=gp2
+# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': false}
+#
 
 # Logging deployment
 #

+ 4 - 1
roles/openshift_hosted/templates/registry_config.j2

@@ -21,7 +21,10 @@ storage:
     regionendpoint: {{ openshift_hosted_registry_storage_s3_regionendpoint }}
 {%   endif %}
     bucket: {{ openshift_hosted_registry_storage_s3_bucket }}
-    encrypt: false
+    encrypt: {{ openshift_hosted_registry_storage_s3_encrypt | default(false) }}
+{% if openshift_hosted_registry_storage_s3_kmskeyid %}
+    keyid: {{ openshift_hosted_registry_storage_s3_kmskeyid }}
+{% endif %}
     secure: true
     v4auth: true
     rootdirectory: {{ openshift_hosted_registry_storage_s3_rootdirectory | default('/registry') }}
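Review bot: The new `{% if openshift_hosted_registry_storage_s3_kmskeyid %}` test has no undefined-variable guard, unlike the `encrypt` line directly above it, which uses `default(false)`. Under Ansible's strict handling of undefined variables the template will likely fail to render for any S3 deployment that does not set a KMS key, unless the role defaults define the variable (not visible in this hunk). I would write the condition as `{% if openshift_hosted_registry_storage_s3_kmskeyid | default('') %}`. Separately, `keyid` is emitted even when `encrypt` is false, where the registry ignores it; an assertion in the role or a comment here would keep a key-id-only configuration from silently leaving the bucket unencrypted. The `storage:` block starts and continues outside the hunk.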