Introduce apiserver.config.k8s.io/v1 and use standard method for parsing encryption config file #67383

Merged: 2 commits, Nov 17, 2018

Contributor

stlaz commented Aug 14, 2018

What this PR does / why we need it:
This PR reworks handling of the configuration file for encryption at rest. Now it uses a standard approach for parsing and also it supports versioning. Also bumps encryption config to v1 (see #63032 (comment) for reasons)

/sig auth
/release-note-none
CC @simo5 @marrrvin @luxas

Fixes: #61420
Fixes: #61599

Obsoletes PR #63032

The API server encryption configuration file format has graduated to stable and moved to `apiVersion: apiserver.config.k8s.io/v1` and `kind: EncryptionConfiguration`.
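
As an added example (not code from this PR or from Kubernetes), the Go program below shows the kind of version gate the release note implies for tooling that audits these files: read `apiVersion` and `kind` first, accept only `apiserver.config.k8s.io/v1` / `EncryptionConfiguration`, then decode the body. Assumptions: the samples are constructed and written as JSON to stay within the standard library, the struct is a hypothetical trimmed mirror of the real type, the legacy header (`apiVersion: v1`, `kind: EncryptionConfig`) is the pre-1.13 format, and the unknown-field rejection and the `identity`-first finding are this checker's own additions that go beyond what the PR text states.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Constructed samples in JSON form (real files are usually YAML).
const sampleV1 = `{"apiVersion":"apiserver.config.k8s.io/v1","kind":"EncryptionConfiguration",
 "resources":[{"resources":["secrets"],"providers":[{"identity":{}},{"aescbc":{"keys":[]}}]}]}`
const sampleLegacy = `{"apiVersion":"v1","kind":"EncryptionConfig","resources":[]}`

// EncryptionConfiguration is a hypothetical, trimmed mirror of the v1 type.
type EncryptionConfiguration struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Resources  []struct {
		Resources []string                     `json:"resources"`
		Providers []map[string]json.RawMessage `json:"providers"`
	} `json:"resources"`
}

// CheckConfig gates on apiVersion/kind, then decodes strictly and returns findings.
func CheckConfig(data []byte) ([]string, error) {
	var hdr struct{ APIVersion, Kind string } // header only; other keys ignored here
	if err := json.Unmarshal(data, &hdr); err != nil {
		return nil, err
	}
	if hdr.APIVersion != "apiserver.config.k8s.io/v1" || hdr.Kind != "EncryptionConfiguration" {
		return nil, fmt.Errorf("unsupported apiVersion/kind %q/%q", hdr.APIVersion, hdr.Kind)
	}
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields() // checker's choice: a misspelled key is an error
	var cfg EncryptionConfiguration
	if err := dec.Decode(&cfg); err != nil {
		return nil, err
	}
	var findings []string
	for i, r := range cfg.Resources {
		if len(r.Providers) > 0 && len(r.Providers[0]["identity"]) > 0 {
			findings = append(findings, fmt.Sprintf("resources[%d] %v: identity is the first provider, so new writes are not encrypted", i, r.Resources))
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(CheckConfig([]byte(sampleV1)))
}
```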

k8s-ci-robot requested review from bowei and enisoc Aug 14, 2018

stlaz changed the title from "Enc config promotion" to "Introduce apiserver.config.k8s.io/v1 and use standard method for parsing encryption config file" Aug 14, 2018

Contributor

stlaz commented Aug 14, 2018

/release-note-none

Member

neolit123 commented Aug 14, 2018

/ok-to-test
probably best to add a release note for this.

Contributor

stlaz commented Aug 15, 2018

/retest
Thanks, I'll add a release note on the way.

Contributor

stlaz commented Aug 16, 2018

Added a release note.

Contributor

stlaz commented Aug 23, 2018

CC @liggitt @sttts @ericchiang as you were reviewing the original PR, too.

"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/runtime/serializer"
kubecfg "k8s.io/apiserver/pkg/apis/config"
kubecfgv1 "k8s.io/apiserver/pkg/apis/config/v1"
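
Review bot: the aliases `kubecfg` and `kubecfgv1` on the last two imports do not say which component's config they refer to and read like a kubelet or kubeconfig package. Naming them after the package they import from `k8s.io/apiserver/pkg/apis/config`, for example `apiserverconfig` and `apiserverconfigv1`, keeps call sites unambiguous if other component config packages are imported alongside.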


sttts Aug 23, 2018

Contributor

apiserverconfigv1

@@ -33,7 +33,7 @@ import (

corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/server/options/encryptionconfig"
kubecfgv1 "k8s.io/apiserver/pkg/apis/config/v1"
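
Review bot: the `k8s.io/apiserver/pkg/apis/config/v1` import on the last line of this hunk is listed after `k8s.io/apiserver/pkg/server/options/encryptionconfig`; if both imports stay in the file, the `apis/config/v1` line belongs before it so the block remains sorted by path. The `kubecfgv1` alias here should also be kept identical to the alias used for this package in the other files of the change, so a rename only has to be done once.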


sttts Aug 23, 2018

Contributor

apiserverconfigv1

Member

dims commented Aug 23, 2018

/milestone v1.12

We need this for 1.12 right? please clear milestone if not

Member

liggitt commented Aug 29, 2018

apologies for the delay on this and #63032 ... the bandwidth for component config review in 1.12 got consumed by the coarse-grained changes to split by component (#67233). I anticipate more progress being made on the apiserver config bits post-freeze.

Member

liggitt commented Nov 13, 2018

/lgtm
/approve

k8s-ci-robot added the lgtm label Nov 13, 2018

Member

liggitt commented Nov 13, 2018

staging godeps need updating (hack/update-staging-godeps.sh)

Member

liggitt commented Nov 13, 2018

cc @immutableT for gce encryption config change. can you review and tag the appropriate approver?

stlaz force-pushed the stlaz:enc_config_promotion branch from 471bfcf to 628d1fe Nov 13, 2018

k8s-ci-robot removed the lgtm label Nov 13, 2018

Contributor

stlaz commented Nov 13, 2018

Updated godeps. Hopefully everything will be alright now.

Member

liggitt commented Nov 13, 2018

/lgtm

k8s-ci-robot added the lgtm label Nov 13, 2018

Member

liggitt commented Nov 14, 2018

/assign @mikedanese
for approval of cluster/gce changes

Member

mikedanese commented Nov 16, 2018

/approve

Contributor

k8s-ci-robot commented Nov 16, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, mikedanese, stlaz

Member

cjwagner commented Nov 16, 2018

Please add the appropriate priority/* label to this PR.

Member

liggitt commented Nov 16, 2018

/priority important-soon

Member

liggitt commented Nov 16, 2018

@stlaz can you open a PR against https://github.com/kubernetes/website/tree/dev-1.13 updating the documentation around the encryption config file, noting the apiVersion and kind as of 1.13?

Member

liggitt commented Nov 16, 2018

/retest

Contributor

AishSundar commented Nov 16, 2018

/priority critical-urgent
/remove-priority important-soon

k8s-ci-robot merged commit 1e22f08 into kubernetes:master Nov 17, 2018

16 of 18 checks passed

pull-kubernetes-e2e-gke: Job triggered.
pull-kubernetes-kubemark-e2e-gce-big: Job triggered.
cla/linuxfoundation: stlaz authorized
pull-kubernetes-bazel-build: Job succeeded.
pull-kubernetes-bazel-test: Job succeeded.
pull-kubernetes-cross: Skipped
pull-kubernetes-e2e-gce: Job succeeded.
pull-kubernetes-e2e-gce-100-performance: Job succeeded.
pull-kubernetes-e2e-gce-device-plugin-gpu: Job succeeded.
pull-kubernetes-e2e-kops-aws: Job succeeded.
pull-kubernetes-e2e-kubeadm-gce: Skipped
pull-kubernetes-integration: Job succeeded.
pull-kubernetes-local-e2e: Skipped
pull-kubernetes-local-e2e-containerized: Skipped
pull-kubernetes-node-e2e: Job succeeded.
pull-kubernetes-typecheck: Job succeeded.
pull-kubernetes-verify: Job succeeded.
tide: In merge pool.

Contributor

k8s-ci-robot commented Nov 17, 2018

@stlaz: The following test failed, say /retest to rerun them all:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| pull-kubernetes-e2e-gke | 628d1fe | link | /test pull-kubernetes-e2e-gke |

Contributor

stlaz commented Nov 17, 2018

@liggitt I will open a doc PR later today.
