kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,971 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

83 Commits

Author SHA1 Message Date
Krzysztof Ostrowski a85078bf03 apiserver/kmsv2: mv Service interface into kmsv2 
Signed-off-by: Krzysztof Ostrowski <kostrows@redhat.com>

Kubernetes-commit: b7701b00eaa8cdc2103beb8ab78f625cc3b62d90
 2023-01-09 14:36:06 +01:00
lixiaobing1 c144979a82 replace WithInsecure() with WithTransportCredentials() 
Kubernetes-commit: 7892175acdb329d44cf1f34230f78e608b3cb736
 2022-10-15 16:41:53 +08:00
Monis Khan be9579fc15 k8s.io/apiserver/pkg/storage/value: allow encryption-at-rest approval 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: b68bc0678d5876e4c11c7d5289f777b6e37c4917
 2022-10-17 17:07:56 -04:00
Harsha Narayana 1da54ec21a kmsv2: enable logging for kmsv2 enc/dec operations 
Kubernetes-commit: 79d741f1f8efcfc75cecd22898c7b6b689449f0a
 2022-08-31 22:08:55 +05:30
Monis Khan 8d68e6f323 Load encryption config once 
This change updates the API server code to load the encryption
config once at start up instead of multiple times.  Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps.  This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.

Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: f507bc255382b2e2095351053bc17e74f7100d35
 2022-08-29 17:25:48 -04:00
Anish Ramasekar 1411f0e151 kmsv2: validate annotations key and size 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: d1fb258ff2d009f202cff3fdd25e6fd2bbda08ef
 2022-09-14 21:58:17 +00:00
Monis Khan c602291fa1 encryption config: no-op refactor to prepare for single loading 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: db850931a8699e780dd794e1763fd0e54b4239b5
 2022-08-29 17:25:48 -04:00
Anish Ramasekar c027ae3881 Add staging directory for kms 
- Moves kms proto apis to the staging repo
- Updates generate and verify kms proto scripts to check staging repo

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: c3794e2377016b1c18b1dcb63dc61d686c8ebcbf
 2022-08-23 20:22:09 +00:00
Anish Ramasekar ec520ccd91 [KMS]: update envelope caching unit tests 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 92dce5de71f752c8c136ec7c7417a73d50317cf5
 2022-09-15 18:01:48 +00:00
Monis Khan 70b4742ce2 kms: fix go routine leak in gRPC connection 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 4e68e9b5ad70ae074b3fb20f0fb2ba25d0792274
 2022-08-24 01:51:19 +00:00
Anish Ramasekar bdd7082eed chore(kms): remove unused plugin name and migrate from deprecated `io/ioutil` pkg 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 7db7a63959162d743f771183bf4e88e82afef868
 2022-08-23 22:55:22 +00:00
Anish Ramasekar 225e26ac4a Implement KMS v2alpha1 
- add feature gate
- add encrypted object and run generated_files
- generate protobuf for encrypted object and add unit tests
- move parse endpoint to util and refactor
- refactor interface and remove unused interceptor
- add protobuf generate to update-generated-kms.sh
- add integration tests
- add defaulting for apiVersion in kmsConfiguration
- handle v1/v2 and default in encryption config parsing
- move metrics to own pkg and reuse for v2
- use Marshal and Unmarshal instead of serializer
- add context for all service methods
- check version and keyid for healthz

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f19f3f409938ff9ac8a61966e47fbe9c6075ec90
 2022-06-29 20:51:35 +00:00
Mikko Ylinen 12a8b7fef3 grpc: move to use grpc.WithTransportCredentials() 
v1.43.0 marked grpc.WithInsecure() deprecated so this commit moves to use
what is the recommended replacement:

grpc.WithTransportCredentials(insecure.NewCredentials())

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

Kubernetes-commit: 2c8bfad9106039aa15233b5bf7282b25a7b7e0a0
 2022-05-11 12:13:28 +03:00
Anish Ramasekar c6c1465ed7 Add KMS v2alpha1 API 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 907545445ab8b4e34c1068ab9828a930c30cbfc4
 2022-05-24 23:43:09 +00:00
Anish Ramasekar e442eafb33 feat: prepare KMS data encryption for migration to AES-GCM 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Co-authored-by: Monis Khan <mok@vmware.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 90b42f91fd904b71fd52ca9ae55a5de73e6b779a
 2022-03-16 17:54:10 +00:00
Steve Kuznetsov af1cb1cefe storage: transformers: pass a context.Context 
When an envelope transformer calls out to KMS (for instance), it will be
very helpful to pass a `context.Context` to allow for cancellation. This
patch does that, while passing the previously-expected additional data
via a context value.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>

Kubernetes-commit: 27312feb9983c18d1daf00afba788727d024cdd0
 2022-02-17 07:29:44 -08:00
Davanum Srinivas 56a3a30ae1 Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
 2021-12-09 21:31:26 -05:00
tiloso ab3cca3647 Fix staticcheck in apiserver and client-go pkgs 
Kubernetes-commit: 830a137d2ea70663cd94403595313b95ac40ffe8
 2021-06-19 22:03:46 +02:00
Stephen Augustus 771ffe6475 generated: Run hack/update-gofmt.sh 
Signed-off-by: Stephen Augustus <foo@auggie.dev>

Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540
 2021-08-12 17:13:11 -04:00
Davanum Srinivas fe1610f3fe switch from golang-lru to the one in k8s.io/utils 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 79d0c6cdc10293c9bfe644ce31dc186a936579b0
 2021-07-07 13:45:07 -04:00
卢振兴10069964 549cbbf8de fix broken link in some files 
Kubernetes-commit: b29a5fb0746f772b38da570cd8fdc77396ffca31
 2021-04-13 08:43:24 +08:00
Jiaxin Shan dfad5032fb Fix ALPHA stability level reference link 
Kubernetes-commit: e01a21469b9719f7d0e84021c032cd8f0016b5d2
 2021-01-31 15:37:07 -08:00
Davanum Srinivas 5879417a28 switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
 2020-04-17 15:25:06 -04:00
immutablet 66b663f223 Instrument DEK cache fill and request inter-arrival times. 
Kubernetes-commit: 684d6fb0ade6ac088af391cedd70bc847941a54f
 2020-02-18 16:39:53 -08:00
Davanum Srinivas cde2338e26 update generated files 
Kubernetes-commit: b3853138a4f1a0637ec3c38a5c59f8228765b261
 2020-01-13 17:56:56 -05:00
immutablet 5cec6b4746 Add defaulting logic for EncryptionConfiguration. 
Kubernetes-commit: a151aa35dc21881d178e498141e5f58df13fb400
 2019-11-14 22:53:18 -08:00
immutablet 29f5d9ba4a Move the common logic of checking for kms-plugin's version into gRPC client interceptor. 
Kubernetes-commit: d2b4723302e61efdd942d59801f18ae3ec24887a
 2019-10-25 15:08:52 -07:00
immutablet 3079381054 Use single kms-plugin mock in unit and integration tests. 
Kubernetes-commit: 4d24b41410f2253c7b2f9e2b6d56910894016c61
 2019-10-11 15:25:05 -07:00
immutablet 5035dae3d5 Replace deprecated methods in the logic involved in the construction of gRPC connection to kms-plugin. 
Kubernetes-commit: e50c264c35a32200febde3b10838b2ef2f986c39
 2019-10-07 15:57:47 -07:00
chenyaqi01 4f9778fb9d replace bytes.Compare() with bytes.Equal() 
Kubernetes-commit: 66be69bb0e7fd147be650385d272ae14ee2857c8
 2019-09-27 10:06:50 +08:00
Shihang Zhang 53db7e198a change envelope transformer to return status error for better monitoring 
Change-Id: I8263c4673d5f57617acf315c7af6ebe5aacd9c7c

Kubernetes-commit: cba43530d77d7f28bc302912e8f43c4a69fdec3b
 2019-09-10 13:12:31 -07:00
haoshuwei 5bce489f18 fix some ineffassigns 
Signed-off-by: haoshuwei <haoshuwei24@gmail.com>

Kubernetes-commit: aaed9daf9b44757e767d93bd45d1bb0412c00243
 2019-09-09 18:52:17 +08:00
Antoine Pelisse 0c3358252b Regenerate 
Kubernetes-commit: 6568325ca2bef519e5c8228cd33887660b5ed7b0
 2019-07-24 15:21:55 -07:00
Vallery Lancey 6e15e9a893 Updated github.com/gogo/protobuf from SHA to nearest-pinnable tag (v1.0.0), as part of dependency management cleanup: #79234 
Kubernetes-commit: fe59ee8aaf8c7399476d286349caca9e3c05c522
 2019-07-02 21:44:06 -07:00
Jordan Liggitt 8b9440cfa5 Fix spurious .sock files running envelope unit tests 
Kubernetes-commit: 04b6f1ea03f88abd9eb3a2635995a405f68527e0
 2019-06-13 10:52:59 -04:00
Roy Lenferink 4c9524b9fb Updated OWNERS files to include link to docs 
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
 2019-01-30 20:05:00 +01:00
immutableT 9c474d9c53 require timeout to be greater than zero. 
add unit test to cover timeout behaviour.

Kubernetes-commit: 39aca564749cd92ed1cfec7129eb3f6593549137
 2019-01-04 17:06:07 -08:00
Nikhita Raghunath e6d011f6fa Add license header to non-generated proto files 
Kubernetes-commit: 6285db6576553e40aacb74579de57a77e19bb434
 2018-10-30 22:29:07 +05:30
Davanum Srinivas 2710b17b80 Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135

Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
 2018-11-09 13:49:10 -05:00
Jordan Liggitt 136e478e9f encryption-at-rest approvers/reviewers 
Kubernetes-commit: 666c93a8343029a499ea64de8a6d09596097ccb3
 2018-11-02 17:38:17 -04:00
Joe Betz 5c1ed41d69 Update etcd client to 3.3.9 
Kubernetes-commit: 4263c752115c3796ee5715c7de4cbc2e237809d3
 2018-10-01 16:53:57 -07:00
immutableT d0ea04d52d Increase time-out of kms-service concurrency tests. 
Kubernetes-commit: fd64c3bac6f2a611a154c86c93fd77404404aba5
 2018-10-05 16:22:00 +00:00
Mike Danese 93a015d36a refactor envelope to use cryptobytes 
Kubernetes-commit: 36ab52b428f6b87df5bdd85f253758967bf0a240
 2018-09-28 23:02:42 -07:00
immutablet e9bce895cf Lazily dial kms-plugin. 
Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc
 2018-09-12 14:56:44 -07:00
fisherxu 164f30a663 use dailcontext 
Kubernetes-commit: 89f3fa3d62791e756dcbd645818ea03d7c1a86b8
 2018-08-24 10:18:21 +08:00
immutablet 842873f83e Add support for linux abstract socket namespace. 
Kubernetes-commit: 01008911687c27b15aee4766a70786684bdb3f01
 2018-05-31 14:00:42 -07:00
immutablet 5ae492efc5 Add metrics for envelop transformer: 
transformation_operation_count
    transformation_failures_count
    envelope_transformation_cache_misses_count
    data_key_generation_latencies_microseconds
    data_key_generation_failures_count

Kubernetes-commit: 695c3e32ad0ff144b36e4deed13a678120f5b6fb
 2018-05-29 14:40:39 -07:00
Yang Li a362c0e81d apiserver: update tests to use sub-benchmarks (aes_test.go) 
Kubernetes-commit: 19026bf9620a65ed2edb10cdfe096cd3afb6f87e
 2018-05-27 15:52:05 +08:00
Yang Li 7acf498bec apiserver: update tests to use sub-benchmarks (secretbox_test.go) 
Kubernetes-commit: 6647b92c86b2dd5dc5c6af457c400b3ee55c7c39
 2018-05-27 16:19:11 +08:00
Justin Santa Barbara f9ec73e95b Fix typo in envelope transform error message 
Kubernetes-commit: 8f87e5c7dab27671e1f68356e825deab879630bf
 2018-05-09 09:36:29 -04:00