encryption-provider-operator

encryption-provider-operator is creating and updating encryption config for k8s secret encryption of secret in etcd

simplified process of key rotation

trigger new keyrotation -> either via annotation or after some period
new encryption config file is generated with old and new key, the new key on the first position
install encryption config hasher on the cluster and calculate hashes
operator waits until all nodes have the hash of the config that is equal to what it sees in the MC
operator will recreate all secrets
operator will update the encryption config and remove the old key the * last step is to roll all master nodes again but it's not required or watched by the controller

Name		Name	Last commit message	Last commit date
Latest commit History 98 Commits
.circleci		.circleci
.github/workflows		.github/workflows
config		config
controllers		controllers
hack		hack
helm/encryption-provider-operator		helm/encryption-provider-operator
pkg		pkg
.gitignore		.gitignore
.nancy-ignore		.nancy-ignore
.nancy-ignore.generated		.nancy-ignore.generated
.pre-commit-config.yaml		.pre-commit-config.yaml
CHANGELOG.md		CHANGELOG.md
CODEOWNERS		CODEOWNERS
DCO		DCO
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
Makefile.gen.app.mk		Makefile.gen.app.mk
Makefile.gen.go.mk		Makefile.gen.go.mk
PROJECT		PROJECT
README.md		README.md
SECURITY.md		SECURITY.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go
renovate.json5		renovate.json5

Provide feedback