Skip to content

Commit

Permalink
Merge pull request #120544 from ritazh/kmsv2-reload-bugbackport
Browse files Browse the repository at this point in the history 
kmsv2: reload metrics bug fix backport

Kubernetes-commit: de7e8547c80bf07fdb0b6ce014a6c6bc129f85c9
  • Loading branch information
@k8s-publishing-bot
k8s-publishing-bot committed Sep 26, 2023
2 parents ef77af0 + 7577990 commit d48ffca
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions pkg/server/options/encryptionconfig/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,12 +43,13 @@ import (
"k8s.io/apiserver/pkg/apis/config/validation"
"k8s.io/apiserver/pkg/features"
"k8s.io/apiserver/pkg/server/healthz"
"k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics"
storagevalue "k8s.io/apiserver/pkg/storage/value"
aestransformer "k8s.io/apiserver/pkg/storage/value/encrypt/aes"
"k8s.io/apiserver/pkg/storage/value/encrypt/envelope"
envelopekmsv2 "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2"
kmstypes "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/v2"
"k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics"
envelopemetrics "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/metrics"
"k8s.io/apiserver/pkg/storage/value/encrypt/identity"
"k8s.io/apiserver/pkg/storage/value/encrypt/secretbox"
utilfeature "k8s.io/apiserver/pkg/util/feature"
Expand Down Expand Up @@ -104,6 +105,12 @@ const (
kmsReloadHealthCheckName = "kms-providers"
)

func init() {
metrics.RegisterMetrics()
storagevalue.RegisterMetrics()
envelopemetrics.RegisterMetrics()
}

type kmsPluginHealthzResponse struct {
err error
received time.Time
Expand Down Expand Up @@ -445,10 +452,10 @@ func (h *kmsv2PluginProbe) isKMSv2ProviderHealthyAndMaybeRotateDEK(ctx context.C
}

if errCode, err := envelopekmsv2.ValidateKeyID(response.KeyID); err != nil {
metrics.RecordInvalidKeyIDFromStatus(h.name, string(errCode))
envelopemetrics.RecordInvalidKeyIDFromStatus(h.name, string(errCode))
errs = append(errs, fmt.Errorf("got invalid KMSv2 KeyID hash %q: %w", envelopekmsv2.GetHashIfNotEmpty(response.KeyID), err))
} else {
metrics.RecordKeyIDFromStatus(h.name, response.KeyID)
envelopemetrics.RecordKeyIDFromStatus(h.name, response.KeyID)
// unconditionally append as we filter out nil errors below
errs = append(errs, h.rotateDEKOnKeyIDChange(ctx, response.KeyID, string(uuid.NewUUID())))
}
Expand Down

0 comments on commit d48ffca

Please sign in to comment.