-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use non-experimental version of encryption provider config flag in 1.13+ #7900
Use non-experimental version of encryption provider config flag in 1.13+ #7900
Conversation
The alpha version of encryption at rest used the following flag: `--experimental-encryption-provider-config`. As of kubernetes 1.13, `--encryption-provider-config` should be used instead.
Hi @zacblazic. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
Looks like we are still discussing a formal deprecation policy, but wondering what the thought here is on the old flag. I agree that it should be a new field so it's clear what is happening for 1.13+, but maybe we should also be alerting users via |
/test pull-kops-verify-staticcheck |
@joshbranham from the user's point of view this change is transparent. The config option remains the same: I see in code that the "experimental" flag was not yet removed, so at least nothing is broken. |
This looks good to me; we maybe should only introduce it to newer k8s versions (so we don't change configuration for older kubernetes versions), but they are aliases to each other, and they are so similar I don't think they are going to cause any confusion. We could (separately) warn if someone is explicitly specifying /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb, zacblazic The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Will this change be ported into |
…-origin-release-1.17 Automated cherry pick of #7900: Add encryptionProviderConfig field
…-origin-release-1.16 Automated cherry pick of #7900: Add encryptionProviderConfig field
As of kubernetes 1.13, the
--encryption-provider-config
flag should be used instead of the variant that provided alpha support for the feature.From https://v1-13.docs.kubernetes.io/docs/setup/release/notes/#deprecations: