Apply resource transformers #14836
Apply resource transformers #14836
Conversation
| @@ -216,6 +217,17 @@ func BuildStorageFactory(masterConfig configapi.MasterConfig, server *kapiserver | |||
| // keep Deployments in extensions for backwards compatibility, we'll have to migrate at some point, eventually | |||
| storageFactory.AddCohabitatingResources(extensions.Resource("deployments"), apps.Resource("deployments")) | |||
|
|
|||
| if server.Etcd.EncryptionProviderConfigFilepath != "" { | |||
| glog.V(4).Infof("Reading encryption configuration from %q", server.Etcd.EncryptionProviderConfigFilepath) | |||
There was a problem hiding this comment.
This log line was added by me. I think it won't hurt but it simplifies a debugging process.
|
This is more of a vision question. If we're going to change our deployment model to mirror kube with separate processes and we want our configs to look consistent, then this change is ok. If we want to keep our single process with a nicer config, then this seems odd since we'd want to auto-create the keys to encrypt by default. |
|
For 3.6 at least it's limited support, so sticking as close as
possible to upstream in how it's enabled helps us. I haven't thought
much about encrypt by default yet, but good point on the keys.
|
|
@openshift/security |
|
2 weeks and no objections... I think it can be merged then :) |
|
[test] |
|
test flake #9309 |
|
[test] |
|
Evaluated for origin test up to a53531e |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin/3035/) (Base Commit: fe7173b) (PR Branch Commit: a53531e) |
|
[merge][severity:blocker] |
|
Test flake #14897 |
|
#14897 [merge][severity:blocker] |
|
Evaluated for origin merge up to a53531e |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_request_origin/1260/) (Base Commit: d4f473a) (PR Branch Commit: a53531e) (Extended Tests: blocker) (Image: devenv-rhel7_6433) |
A follow-up to #14798
BuildStorageFactoryfromvendor/k8s.io/kubernetes/cmd/kube-apiserver/app/server.godoesn't get executed on OpenShift and hence encryption config wasn't being read and the transformers weren't being applied. This PR fixes this.PTAL @smarterclayton @liggitt @simo5