-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apply resource transformers #14836
Apply resource transformers #14836
Conversation
@@ -216,6 +217,17 @@ func BuildStorageFactory(masterConfig configapi.MasterConfig, server *kapiserver | |||
// keep Deployments in extensions for backwards compatibility, we'll have to migrate at some point, eventually | |||
storageFactory.AddCohabitatingResources(extensions.Resource("deployments"), apps.Resource("deployments")) | |||
|
|||
if server.Etcd.EncryptionProviderConfigFilepath != "" { | |||
glog.V(4).Infof("Reading encryption configuration from %q", server.Etcd.EncryptionProviderConfigFilepath) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This log line was added by me. I think it won't hurt but it simplifies a debugging process.
This is more of a vision question. If we're going to change our deployment model to mirror kube with separate processes and we want our configs to look consistent, then this change is ok. If we want to keep our single process with a nicer config, then this seems odd since we'd want to auto-create the keys to encrypt by default. |
For 3.6 at least it's limited support, so sticking as close as
possible to upstream in how it's enabled helps us. I haven't thought
much about encrypt by default yet, but good point on the keys.
|
@openshift/security |
2 weeks and no objections... I think it can be merged then :) |
[test] |
test flake #9309 |
[test] |
Evaluated for origin test up to a53531e |
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin/3035/) (Base Commit: fe7173b) (PR Branch Commit: a53531e) |
[merge][severity:blocker] |
Test flake #14897 |
#14897 [merge][severity:blocker] |
Evaluated for origin merge up to a53531e |
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_request_origin/1260/) (Base Commit: d4f473a) (PR Branch Commit: a53531e) (Extended Tests: blocker) (Image: devenv-rhel7_6433) |
A follow-up to #14798
BuildStorageFactory
fromvendor/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go
doesn't get executed on OpenShift and hence encryption config wasn't being read and the transformers weren't being applied. This PR fixes this.PTAL @smarterclayton @liggitt @simo5