apiserver

Commit Graph

Author	SHA1	Message	Date
Anish Ramasekar	225e26ac4a	Implement KMS v2alpha1 - add feature gate - add encrypted object and run generated_files - generate protobuf for encrypted object and add unit tests - move parse endpoint to util and refactor - refactor interface and remove unused interceptor - add protobuf generate to update-generated-kms.sh - add integration tests - add defaulting for apiVersion in kmsConfiguration - handle v1/v2 and default in encryption config parsing - move metrics to own pkg and reuse for v2 - use Marshal and Unmarshal instead of serializer - add context for all service methods - check version and keyid for healthz Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com> Kubernetes-commit: f19f3f409938ff9ac8a61966e47fbe9c6075ec90	2022-06-29 20:51:35 +00:00
Mikko Ylinen	12a8b7fef3	grpc: move to use grpc.WithTransportCredentials() v1.43.0 marked grpc.WithInsecure() deprecated so this commit moves to use what is the recommended replacement: grpc.WithTransportCredentials(insecure.NewCredentials()) Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com> Kubernetes-commit: 2c8bfad9106039aa15233b5bf7282b25a7b7e0a0	2022-05-11 12:13:28 +03:00
Anish Ramasekar	c6c1465ed7	Add KMS v2alpha1 API Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com> Kubernetes-commit: 907545445ab8b4e34c1068ab9828a930c30cbfc4	2022-05-24 23:43:09 +00:00
Anish Ramasekar	e442eafb33	feat: prepare KMS data encryption for migration to AES-GCM Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com> Co-authored-by: Monis Khan <mok@vmware.com> Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com> Kubernetes-commit: 90b42f91fd904b71fd52ca9ae55a5de73e6b779a	2022-03-16 17:54:10 +00:00
Steve Kuznetsov	af1cb1cefe	storage: transformers: pass a context.Context When an envelope transformer calls out to KMS (for instance), it will be very helpful to pass a `context.Context` to allow for cancellation. This patch does that, while passing the previously-expected additional data via a context value. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com> Kubernetes-commit: 27312feb9983c18d1daf00afba788727d024cdd0	2022-02-17 07:29:44 -08:00
Davanum Srinivas	56a3a30ae1	Check in OWNERS modified by update-yamlfmt.sh Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d	2021-12-09 21:31:26 -05:00
tiloso	ab3cca3647	Fix staticcheck in apiserver and client-go pkgs Kubernetes-commit: 830a137d2ea70663cd94403595313b95ac40ffe8	2021-06-19 22:03:46 +02:00
Stephen Augustus	771ffe6475	generated: Run hack/update-gofmt.sh Signed-off-by: Stephen Augustus <foo@auggie.dev> Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540	2021-08-12 17:13:11 -04:00
Davanum Srinivas	fe1610f3fe	switch from golang-lru to the one in k8s.io/utils Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 79d0c6cdc10293c9bfe644ce31dc186a936579b0	2021-07-07 13:45:07 -04:00
卢振兴10069964	549cbbf8de	fix broken link in some files Kubernetes-commit: b29a5fb0746f772b38da570cd8fdc77396ffca31	2021-04-13 08:43:24 +08:00
Jiaxin Shan	dfad5032fb	Fix ALPHA stability level reference link Kubernetes-commit: e01a21469b9719f7d0e84021c032cd8f0016b5d2	2021-01-31 15:37:07 -08:00
Davanum Srinivas	5879417a28	switch over k/k to use klog v2 Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5	2020-04-17 15:25:06 -04:00
immutablet	66b663f223	Instrument DEK cache fill and request inter-arrival times. Kubernetes-commit: 684d6fb0ade6ac088af391cedd70bc847941a54f	2020-02-18 16:39:53 -08:00
Davanum Srinivas	cde2338e26	update generated files Kubernetes-commit: b3853138a4f1a0637ec3c38a5c59f8228765b261	2020-01-13 17:56:56 -05:00
immutablet	5cec6b4746	Add defaulting logic for EncryptionConfiguration. Kubernetes-commit: a151aa35dc21881d178e498141e5f58df13fb400	2019-11-14 22:53:18 -08:00
immutablet	29f5d9ba4a	Move the common logic of checking for kms-plugin's version into gRPC client interceptor. Kubernetes-commit: d2b4723302e61efdd942d59801f18ae3ec24887a	2019-10-25 15:08:52 -07:00
immutablet	3079381054	Use single kms-plugin mock in unit and integration tests. Kubernetes-commit: 4d24b41410f2253c7b2f9e2b6d56910894016c61	2019-10-11 15:25:05 -07:00
immutablet	5035dae3d5	Replace deprecated methods in the logic involved in the construction of gRPC connection to kms-plugin. Kubernetes-commit: e50c264c35a32200febde3b10838b2ef2f986c39	2019-10-07 15:57:47 -07:00
chenyaqi01	4f9778fb9d	replace bytes.Compare() with bytes.Equal() Kubernetes-commit: 66be69bb0e7fd147be650385d272ae14ee2857c8	2019-09-27 10:06:50 +08:00
Shihang Zhang	53db7e198a	change envelope transformer to return status error for better monitoring Change-Id: I8263c4673d5f57617acf315c7af6ebe5aacd9c7c Kubernetes-commit: cba43530d77d7f28bc302912e8f43c4a69fdec3b	2019-09-10 13:12:31 -07:00
haoshuwei	5bce489f18	fix some ineffassigns Signed-off-by: haoshuwei <haoshuwei24@gmail.com> Kubernetes-commit: aaed9daf9b44757e767d93bd45d1bb0412c00243	2019-09-09 18:52:17 +08:00
Antoine Pelisse	0c3358252b	Regenerate Kubernetes-commit: 6568325ca2bef519e5c8228cd33887660b5ed7b0	2019-07-24 15:21:55 -07:00
Vallery Lancey	6e15e9a893	Updated github.com/gogo/protobuf from SHA to nearest-pinnable tag (v1.0.0), as part of dependency management cleanup: #79234 Kubernetes-commit: fe59ee8aaf8c7399476d286349caca9e3c05c522	2019-07-02 21:44:06 -07:00
Jordan Liggitt	8b9440cfa5	Fix spurious .sock files running envelope unit tests Kubernetes-commit: 04b6f1ea03f88abd9eb3a2635995a405f68527e0	2019-06-13 10:52:59 -04:00
Roy Lenferink	4c9524b9fb	Updated OWNERS files to include link to docs Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f	2019-01-30 20:05:00 +01:00
immutableT	9c474d9c53	require timeout to be greater than zero. add unit test to cover timeout behaviour. Kubernetes-commit: 39aca564749cd92ed1cfec7129eb3f6593549137	2019-01-04 17:06:07 -08:00
Nikhita Raghunath	e6d011f6fa	Add license header to non-generated proto files Kubernetes-commit: 6285db6576553e40aacb74579de57a77e19bb434	2018-10-30 22:29:07 +05:30
Davanum Srinivas	2710b17b80	Move from glog to klog - Move from the old github.com/golang/glog to k8s.io/klog - klog as explicit InitFlags() so we add them as necessary - we update the other repositories that we vendor that made a similar change from glog to klog * github.com/kubernetes/repo-infra * k8s.io/gengo/ * k8s.io/kube-openapi/ * github.com/google/cadvisor - Entirely remove all references to glog - Fix some tests by explicit InitFlags in their init() methods Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135 Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c	2018-11-09 13:49:10 -05:00
Jordan Liggitt	136e478e9f	encryption-at-rest approvers/reviewers Kubernetes-commit: 666c93a8343029a499ea64de8a6d09596097ccb3	2018-11-02 17:38:17 -04:00
Joe Betz	5c1ed41d69	Update etcd client to 3.3.9 Kubernetes-commit: 4263c752115c3796ee5715c7de4cbc2e237809d3	2018-10-01 16:53:57 -07:00
immutableT	d0ea04d52d	Increase time-out of kms-service concurrency tests. Kubernetes-commit: fd64c3bac6f2a611a154c86c93fd77404404aba5	2018-10-05 16:22:00 +00:00
Mike Danese	93a015d36a	refactor envelope to use cryptobytes Kubernetes-commit: 36ab52b428f6b87df5bdd85f253758967bf0a240	2018-09-28 23:02:42 -07:00
immutablet	e9bce895cf	Lazily dial kms-plugin. Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc	2018-09-12 14:56:44 -07:00
fisherxu	164f30a663	use dailcontext Kubernetes-commit: 89f3fa3d62791e756dcbd645818ea03d7c1a86b8	2018-08-24 10:18:21 +08:00
immutablet	842873f83e	Add support for linux abstract socket namespace. Kubernetes-commit: 01008911687c27b15aee4766a70786684bdb3f01	2018-05-31 14:00:42 -07:00
immutablet	5ae492efc5	Add metrics for envelop transformer: transformation_operation_count transformation_failures_count envelope_transformation_cache_misses_count data_key_generation_latencies_microseconds data_key_generation_failures_count Kubernetes-commit: 695c3e32ad0ff144b36e4deed13a678120f5b6fb	2018-05-29 14:40:39 -07:00
Yang Li	a362c0e81d	apiserver: update tests to use sub-benchmarks (aes_test.go) Kubernetes-commit: 19026bf9620a65ed2edb10cdfe096cd3afb6f87e	2018-05-27 15:52:05 +08:00
Yang Li	7acf498bec	apiserver: update tests to use sub-benchmarks (secretbox_test.go) Kubernetes-commit: 6647b92c86b2dd5dc5c6af457c400b3ee55c7c39	2018-05-27 16:19:11 +08:00
Justin Santa Barbara	f9ec73e95b	Fix typo in envelope transform error message Kubernetes-commit: 8f87e5c7dab27671e1f68356e825deab879630bf	2018-05-09 09:36:29 -04:00
hzxuzhonghu	6ab99203b7	Replace "golang.org/x/net/context" with "context" Kubernetes-commit: 70e45eccf27726f0e63dd1024924ccc7e2cd35a0	2018-02-28 12:20:22 +08:00
fisherxu	716af975eb	regenerated all files and remove all YEAR fields Kubernetes-commit: b49ef6531c11f1c834e0d7591f5c965f6193c711	2018-01-22 20:37:53 +08:00
Kubernetes Publisher	627fa76a8b	sync: initially remove files BUILD /BUILD BUILD.bazel /BUILD.bazel	2018-03-15 09:38:17 +00:00
Ryan Hitchman	43796a9895	Fix build tag for grpc_service_unix_test.go. Kubernetes-commit: 4d2e43f53f3c057e7bddd6f09e5a82b0b97d276f	2018-02-09 12:10:25 -08:00
Wang Guoliang	32fe314a1e	fix some syntax related errors Kubernetes-commit: d065157dd74fa02eec87f5849528b079a3736c3d	2018-02-11 19:50:49 +08:00
Mike Danese	3ec7dfbb59	kms: rename KMSService to KeyManagmentService KMSService is redundent. Kubernetes-commit: fc8ff61eb9e153d9e3f67549b8454cdea89bab30	2018-02-22 19:36:03 -08:00
Jeff Grafton	1ab12b2dc8	Autogenerated: hack/update-bazel.sh Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e	2018-02-16 13:43:01 -08:00
Di Xu	9beeb59216	fix all the typos across the project Kubernetes-commit: 48388fec7eaad4ac8d84fbe20673ffacf41964a1	2018-02-09 14:53:53 +08:00
Wu Qiang	bed3e4f9ab	Add generated script for kms api pb file Kubernetes-commit: 9825018e4a004523492893433604439b1f2acd22	2018-01-29 06:00:57 +00:00
Wu Qiang	be4ee1ba37	Remove configfile for kms in encryption config Kubernetes-commit: 5ae61ed386e3fbc3b7e91d343afadadd52ac027d	2018-01-26 11:53:24 +00:00
Wu Qiang	a32d2bb427	Update for review comments Kubernetes-commit: 2e7af38d6b4c8ed9e1fb23930b98ed8d2ad68aa0	2018-01-25 05:39:48 +00:00

1 2

72 Commits