API-1843: KMSEncryptionProvider Feature Gate #2071
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
Hello @swghosh! Some important instructions when contributing to openshift/api: |
|
/test all |
openshift-ci
bot
added
the
size/XS
openshift-ci
bot
added
size/S
|
/test all |
2 similar comments
|
/test all |
|
/test all |
openshift-ci-robot
added
the
jira/valid-reference
|
@swghosh: This pull request references API-1843 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.18.0" version, but no target version was set. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
Please add an appropriate PR description to explain the motivation behind this change. Neither the PR, nor the card linked really explain what we are doing here, or why |
|
@swghosh: This pull request references API-1843 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.18.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@JoelSpeed added description about the feature. |
|
/retest |
1 similar comment
|
/retest |
|
According to the upstream documentation, this feature is stable as of 1.29, which would be 4.16. It is my understanding that if an upstream feature is declared stable, and we have not otherwise specified the gate status, then the feature is already enabled. This PR appears to disable a feature that has previously been enabled. /hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/test ci/prow/verify |
|
@deads2k: The specified target(s) for
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test verify |
openshift-ci
bot
added
size/M
|
PR is good to go, but we should get the EP into a state where the first round of reviews are in before we merge the gate, if we don't have at least some consensus, merging this would add a gate that is unneeded |
|
/test all |
|
/retest |
openshift-merge-robot
added
the
needs-rebase
* generated files from `PROTO_OPTIONAL="true" make update` Signed-off-by: Swarup Ghosh <[email protected]>
openshift-merge-robot
removed
the
needs-rebase
openshift-ci
bot
added
size/S
this looks good to me for tech-preview |
|
/label acknowledge-critical-fixes-only |
|
thanks @tkashem |
openshift-ci
bot
added
acknowledge-critical-fixes-only
|
/retest Looks good, but I'd like to see if these test failures are related |
|
/lgtm PR is inert, I don't believe the tests failures are related and relevant components (eg KAS) don't recognise the gate, so we've got past my concern about overlapping gates |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JoelSpeed, swghosh, tkashem The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/hold It sounds like this feature might need a little more time to bake, I'd like to hold this until the API is ready to go and the EP has at least had some review. From discussion with @wallylewis we don't need to rush this into 4.18 so lets wait until after branch cut |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
@swghosh: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Feature: KMS Encryption Provider for sensitive etcd Resources
A user-configurable interface to support encryption of data stored in etcd using a supported Key Management Service (KMS).
OpenShift would need to align closer with KMS evolution upstream with respect to the different Kubernetes Encryption Providers available today that can encrypt resources from APIServer EncryptionConfig, https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/.
User Stories:
xref: OCPSTRAT-108, API-1684