Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Warn on key rotations during upgrades #31437

Merged
merged 1 commit into from
Mar 19, 2024
Merged

docs: Warn on key rotations during upgrades #31437

merged 1 commit into from
Mar 19, 2024

Conversation

pchaigno
Copy link
Member

In general, it is not recommended to carry several admin. operations on the cluster at the same time, as it can make troubleshooting in case of issues a lot more complicated. Mixing operations is also less likely to be covered in CI so more likely to hit corner cases.

Performing IPsec key rotations during Cilium up/downgrades is one such case. Let's document it explicitly to discourage users from doing that.

cc @darox @ldelossa

@pchaigno
docs: Warn on key rotations during upgrades
ab8c431 
In general, it is not recommended to carry several admin. operations on
the cluster at the same time, as it can make troubleshooting in case of
issues a lot more complicated. Mixing operations is also less likely to
be covered in CI so more likely to hit corner cases.

Performing IPsec key rotations during Cilium up/downgrades is one such
case. Let's document it explicitly to discourage users from doing that.

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
@pchaigno pchaigno added area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. release-note/misc This PR makes changes that have no direct user impact. needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch feature/ipsec Relates to Cilium's IPsec feature needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Mar 17, 2024
@pchaigno pchaigno requested a review from ldelossa March 17, 2024 17:09
@pchaigno pchaigno marked this pull request as ready for review March 17, 2024 17:09
@pchaigno pchaigno requested review from a team as code owners March 17, 2024 17:09
@qmonnet
Copy link
Member

qmonnet commented Mar 18, 2024

/test

@qmonnet qmonnet removed the request for review from learnitall March 18, 2024 16:14
@julianwiedmann julianwiedmann added this pull request to the merge queue Mar 19, 2024
Merged via the queue into cilium:main with commit b639eab Mar 19, 2024
60 checks passed
@gandro gandro mentioned this pull request Mar 19, 2024
Merged
21 tasks
@gandro gandro added backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. and removed needs-backport/1.15 This PR / issue needs backporting to the v1.15 branch labels Mar 19, 2024
@gandro gandro mentioned this pull request Mar 19, 2024
Merged
10 tasks
@gandro gandro added backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. and removed needs-backport/1.14 This PR / issue needs backporting to the v1.14 branch labels Mar 19, 2024
@gandro gandro mentioned this pull request Mar 19, 2024
Merged
8 tasks
@gandro gandro added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Mar 19, 2024
@github-actions github-actions bot added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. labels Mar 20, 2024
@pchaigno pchaigno deleted the docs-key-rotation-upgrade branch March 20, 2024 22:09
@github-actions github-actions bot added backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. and removed backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. backport-pending/1.15 The backport for Cilium 1.15.x for this PR is in progress. labels Mar 21, 2024
@ldelossa ldelossa mentioned this pull request Mar 22, 2024
Merged
@jrajahalme jrajahalme mentioned this pull request Mar 26, 2024
Merged
@thorn3r thorn3r mentioned this pull request Mar 26, 2024
Merged
@jrajahalme jrajahalme mentioned this pull request Mar 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gentoo-root gentoo-root gentoo-root approved these changes

@jschwinger233 jschwinger233 jschwinger233 approved these changes

@qmonnet qmonnet qmonnet approved these changes

@ldelossa ldelossa Awaiting requested review from ldelossa

Assignees
No one assigned
Labels
area/documentation Impacts the documentation, including textual changes, sphinx, or other doc generation code. area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. backport-done/1.15 The backport for Cilium 1.15.x for this PR is done. feature/ipsec Relates to Cilium's IPsec feature release-note/misc This PR makes changes that have no direct user impact.
Projects
No open projects
cilium v1.13.14
Status: Released
cilium v1.14.9
Status: Released
cilium v1.15.3
Status: Released
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@pchaigno @qmonnet @gentoo-root @jschwinger233 @gandro @julianwiedmann