bdd7082eed
chore(kms): remove unused plugin name and migrate from deprecated `io/ioutil` pkg
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 7db7a63959162d743f771183bf4e88e82afef868
2022-08-23 22:55:22 +00:00
225e26ac4a
Implement KMS v2alpha1
...
- add feature gate
- add encrypted object and run generated_files
- generate protobuf for encrypted object and add unit tests
- move parse endpoint to util and refactor
- refactor interface and remove unused interceptor
- add protobuf generate to update-generated-kms.sh
- add integration tests
- add defaulting for apiVersion in kmsConfiguration
- handle v1/v2 and default in encryption config parsing
- move metrics to own pkg and reuse for v2
- use Marshal and Unmarshal instead of serializer
- add context for all service methods
- check version and keyid for healthz
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: f19f3f409938ff9ac8a61966e47fbe9c6075ec90
2022-06-29 20:51:35 +00:00
12a8b7fef3
grpc: move to use grpc.WithTransportCredentials()
...
v1.43.0 marked grpc.WithInsecure() deprecated so this commit moves to use
what is the recommended replacement:
grpc.WithTransportCredentials(insecure.NewCredentials())
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Kubernetes-commit: 2c8bfad9106039aa15233b5bf7282b25a7b7e0a0
2022-05-11 12:13:28 +03:00
c6c1465ed7
Add KMS v2alpha1 API
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 907545445ab8b4e34c1068ab9828a930c30cbfc4
2022-05-24 23:43:09 +00:00
e442eafb33
feat: prepare KMS data encryption for migration to AES-GCM
...
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Co-authored-by: Monis Khan <mok@vmware.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 90b42f91fd904b71fd52ca9ae55a5de73e6b779a
2022-03-16 17:54:10 +00:00
af1cb1cefe
storage: transformers: pass a context.Context
...
When an envelope transformer calls out to KMS (for instance), it will be
very helpful to pass a `context.Context` to allow for cancellation. This
patch does that, while passing the previously-expected additional data
via a context value.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 27312feb9983c18d1daf00afba788727d024cdd0
2022-02-17 07:29:44 -08:00
56a3a30ae1
Check in OWNERS modified by update-yamlfmt.sh
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
2021-12-09 21:31:26 -05:00
ab3cca3647
Fix staticcheck in apiserver and client-go pkgs
...
Kubernetes-commit: 830a137d2ea70663cd94403595313b95ac40ffe8
2021-06-19 22:03:46 +02:00
771ffe6475
generated: Run hack/update-gofmt.sh
...
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540
2021-08-12 17:13:11 -04:00
fe1610f3fe
switch from golang-lru to the one in k8s.io/utils
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 79d0c6cdc10293c9bfe644ce31dc186a936579b0
2021-07-07 13:45:07 -04:00
4a6863aa9a
the last upperbound of kms latency metric is too small
...
Kubernetes-commit: 6d7c83f2cd19455107bc02bc98fed2296bb46dca
2021-02-23 14:19:25 -08:00
549cbbf8de
fix broken link in some files
...
Kubernetes-commit: b29a5fb0746f772b38da570cd8fdc77396ffca31
2021-04-13 08:43:24 +08:00
dfad5032fb
Fix ALPHA stability level reference link
...
Kubernetes-commit: e01a21469b9719f7d0e84021c032cd8f0016b5d2
2021-01-31 15:37:07 -08:00
5879417a28
switch over k/k to use klog v2
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
2020-04-17 15:25:06 -04:00
66b663f223
Instrument DEK cache fill and request inter-arrival times.
...
Kubernetes-commit: 684d6fb0ade6ac088af391cedd70bc847941a54f
2020-02-18 16:39:53 -08:00
cde2338e26
update generated files
...
Kubernetes-commit: b3853138a4f1a0637ec3c38a5c59f8228765b261
2020-01-13 17:56:56 -05:00
fdd895e164
remove last part of deprecated metrics
...
Kubernetes-commit: 606e4503cf4cea9f05cfd467b88c88cf9c5648d9
2019-12-27 14:23:11 +08:00
669e87efbe
clean SinceInMicroseconds, convert to SinceInSeconds
...
Kubernetes-commit: ab182552b485ceed96c3b05d284ae9480377daf8
2019-04-15 16:18:01 +08:00
b31ce5f20e
remove deprecated metrics of apiserver
...
Kubernetes-commit: 060756babbb6991cf9426c38be595d23e7124b4e
2019-04-12 16:15:13 +08:00
5cec6b4746
Add defaulting logic for EncryptionConfiguration.
...
Kubernetes-commit: a151aa35dc21881d178e498141e5f58df13fb400
2019-11-14 22:53:18 -08:00
5f15b07078
Hide apiserver metrics that have been deprecated in 1.15
...
Kubernetes-commit: 627a9abc9edb2b06c3b30e53ccd422e15c1f6ea1
2019-10-12 21:17:01 +08:00
de8c866328
Hide apiserver metrics that have been deprecated in 1.14
...
Update E2E test accordingly.
Kubernetes-commit: 5e0695e339ff0887ebebddfa8630de191f7fa235
2019-10-12 20:25:10 +08:00
29f5d9ba4a
Move the common logic of checking for kms-plugin's version into gRPC client interceptor.
...
Kubernetes-commit: d2b4723302e61efdd942d59801f18ae3ec24887a
2019-10-25 15:08:52 -07:00
3079381054
Use single kms-plugin mock in unit and integration tests.
...
Kubernetes-commit: 4d24b41410f2253c7b2f9e2b6d56910894016c61
2019-10-11 15:25:05 -07:00
dfdab3a0c8
Remove direct reference to prometheus from apiserver/pkg/storage/value.
...
Kubernetes-commit: 78d0f1827acfb8400d6e1622d55bdfed64b047ed
2019-10-09 21:58:51 +08:00
5035dae3d5
Replace deprecated methods in the logic involved in the construction of gRPC connection to kms-plugin.
...
Kubernetes-commit: e50c264c35a32200febde3b10838b2ef2f986c39
2019-10-07 15:57:47 -07:00
7687c3a4e8
Migrate prometheus bucket functionality to metrics stability framework.
...
Kubernetes-commit: 1f9ab1b85c5560a155b1702d1b5d28aa2d95a1b7
2019-09-12 17:10:44 +08:00
4f9778fb9d
replace bytes.Compare() with bytes.Equal()
...
Kubernetes-commit: 66be69bb0e7fd147be650385d272ae14ee2857c8
2019-09-27 10:06:50 +08:00
53db7e198a
change envelope transformer to return status error for better monitoring
...
Change-Id: I8263c4673d5f57617acf315c7af6ebe5aacd9c7c
Kubernetes-commit: cba43530d77d7f28bc302912e8f43c4a69fdec3b
2019-09-10 13:12:31 -07:00
5bce489f18
fix some ineffassigns
...
Signed-off-by: haoshuwei <haoshuwei24@gmail.com>
Kubernetes-commit: aaed9daf9b44757e767d93bd45d1bb0412c00243
2019-09-09 18:52:17 +08:00
298cf1beec
Encryption config: correctly handle overlapping providers
...
This change updates NewPrefixTransformers to not short-circuit on
the first transformer that has a matching prefix. If the same type
of encryption ProviderConfiguration is used more than once, they
will share the same prefix. A failure in the first one should not
prevent a later match from being attempted.
Added TestCBCKeyRotationWithOverlappingProviders unit test to
prevent regressions. Note that this test explicitly exercises this
flow using an EncryptionConfiguration object as the structure of the
resulting transformer is an important part of the check.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: 4dc16f29a7285a4bcaff1915728953d8a55e1b6e
2019-09-06 12:09:43 -04:00
3e6e1db500
add some documentation around the metrics stability migration changes for clarity
...
Kubernetes-commit: 4e5d906c4d008f914b0ede26ea91533d6343dec5
2019-08-26 19:15:30 -07:00
b9084e350a
migrate kube-apiserver metrics to stability framework
...
Kubernetes-commit: 466980dd747e06e55451301c624eecccfa505123
2019-08-22 15:38:42 -07:00
7bf3105100
inject transformer prefix into metric
...
Change-Id: Iacab685a710d8f8d5b80ed0d35e5ccc22bd929cb
Kubernetes-commit: 099484ee5fb185e92cd154e29c63cf34201e803f
2019-08-01 14:49:37 -07:00
0c3358252b
Regenerate
...
Kubernetes-commit: 6568325ca2bef519e5c8228cd33887660b5ed7b0
2019-07-24 15:21:55 -07:00
6e15e9a893
Updated github.com/gogo/protobuf from SHA to nearest-pinnable tag (v1.0.0), as part of dependency management cleanup: #79234
...
Kubernetes-commit: fe59ee8aaf8c7399476d286349caca9e3c05c522
2019-07-02 21:44:06 -07:00
8b9440cfa5
Fix spurious .sock files running envelope unit tests
...
Kubernetes-commit: 04b6f1ea03f88abd9eb3a2635995a405f68527e0
2019-06-13 10:52:59 -04:00
b5fd10ca67
Add transformation_operations_total to transformer metrics.
...
Kubernetes-commit: 90c94214147f16e57190895cb287bcbe0a6057fd
2018-11-06 13:48:02 -08:00
c2c5dfe9de
convert latencies in mertics name to duration
...
Kubernetes-commit: c525d329effc6c6460cda947d1bf8092a927c2d3
2019-02-22 22:19:57 +08:00
4c9524b9fb
Updated OWNERS files to include link to docs
...
Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f
2019-01-30 20:05:00 +01:00
da40ddb2dd
Move etcd latency metrics to histogram and update test case
...
Kubernetes-commit: 8b418631c08cf66ee57c9ec31fe95372a0a3e075
2019-01-02 13:50:02 +08:00
6dc5bb594d
Change storage metrics to conform guideline
...
Kubernetes-commit: 47938c373301a3a506d73f793ea3bc8256beb428
2018-12-26 17:51:16 +08:00
9c474d9c53
require timeout to be greater than zero.
...
add unit test to cover timeout behaviour.
Kubernetes-commit: 39aca564749cd92ed1cfec7129eb3f6593549137
2019-01-04 17:06:07 -08:00
e6d011f6fa
Add license header to non-generated proto files
...
Kubernetes-commit: 6285db6576553e40aacb74579de57a77e19bb434
2018-10-30 22:29:07 +05:30
2710b17b80
Move from glog to klog
...
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
2018-11-09 13:49:10 -05:00
136e478e9f
encryption-at-rest approvers/reviewers
...
Kubernetes-commit: 666c93a8343029a499ea64de8a6d09596097ccb3
2018-11-02 17:38:17 -04:00
5c1ed41d69
Update etcd client to 3.3.9
...
Kubernetes-commit: 4263c752115c3796ee5715c7de4cbc2e237809d3
2018-10-01 16:53:57 -07:00
d0ea04d52d
Increase time-out of kms-service concurrency tests.
...
Kubernetes-commit: fd64c3bac6f2a611a154c86c93fd77404404aba5
2018-10-05 16:22:00 +00:00
93a015d36a
refactor envelope to use cryptobytes
...
Kubernetes-commit: 36ab52b428f6b87df5bdd85f253758967bf0a240
2018-09-28 23:02:42 -07:00
e9bce895cf
Lazily dial kms-plugin.
...
Kubernetes-commit: 07cbf2545f705d0448631f479a18d0b86b7055dc
2018-09-12 14:56:44 -07:00
Anish Ramasekar
Mikko Ylinen
Steve Kuznetsov
Davanum Srinivas
tiloso
Stephen Augustus
Shihang Zhang
卢振兴10069964
Jiaxin Shan
immutablet
danielqsj
RainbowMango
chenyaqi01
haoshuwei
Monis Khan
Han Kang
Antoine Pelisse
Vallery Lancey
Jordan Liggitt
Roy Lenferink
Nikhita Raghunath
Joe Betz
Mike Danese