New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm: enhance encryption algorithm support in v1beta4 #123054
kubeadm: enhance encryption algorithm support in v1beta4 #123054
Conversation
/hold for review |
/cc @pacoxu @randomvariable |
/lgtm |
LGTM label has been added. Git tree hash: 9d9695fd56aa0faabfba46fd5fc8b33f06f8aaa3
|
d3810a6
to
9b401c8
Compare
9b401c8
to
7667221
Compare
Previous v1beta4 work added support for ClusterConfiguration.EncryptionAlgorithm, however the possible values were limited to just "RSA" (2048 key size) and "ECDSA" (P256). Allow more arbitrary algorithm types, that can also include key size or curve type encoded in the name: "RSA-2048" (default), "RSA-3072", "RSA-4096" or "ECDSA-P256". Update the deprecation notice of the PublicKeysECDSA FeatureGate as ideally it should be removed only after v1beta3 is removed.
7667221
to
2cab797
Compare
/lgtm |
LGTM label has been added. Git tree hash: 5d50ace707c57c9a3c2ee4886b9215441083afbf
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: neolit123, SataQiu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/hold cancel
Which PR has the changelog entry for this? |
none yet, when we are about to release v1beta4 we will push a PR with a bug release note that has all the new features in this API |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Previous v1beta4 work added support for
ClusterConfiguration.EncryptionAlgorithm, however the possible values were limited to just "RSA" (2048 key size) and "ECDSA" (P256).
Allow more arbitrary algorithm types, that can also include key size or curve type encoded in the name:
"RSA-2048" (default), "RSA-3072", "RSA-4096" or "ECDSA-P256".
Update the deprecation notice of the PublicKeysECDSA FeatureGate as ideally it should be removed only after v1beta3 is removed.
Which issue(s) this PR fixes:
Fixes kubernetes/kubeadm#3003
see kubernetes/kubeadm#3003 (comment)
Special notes for your reviewer:
NONE
Does this PR introduce a user-facing change?
(intentionally none)
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: