Add kubectl encryption config

roles/kubectl/tasks/main.yml

@@ -75,3 +75,9 @@
       client_cert: admin
   loop_control:
     loop_var: service
+
+- name: Create encryption config file
+  template:
+    src: "templates/encryption-config.yaml.j2"
+    dest: "{{k8s_encryption_config_directory}}/encryption-config.yaml"
+    mode: 0600

roles/kubectl/templates/encryption-config.yaml.j2

@@ -0,0 +1,11 @@
+kind: EncryptionConfig
+apiVersion: v1
+resources:
+  - resources:
+      - secrets
+    providers:
+      - aescbc:
+          keys:
+            - name: key1
+              secret: {{k8s_encryption_config_key}}
+      - identity: {}