API-1843: KMSEncryptionProvider Feature Gate #2071
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
Hello @swghosh! Some important instructions when contributing to openshift/api: |
|
/test all |
openshift-ci
bot
added
the
size/XS
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: swghosh The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
size/S
|
/test all |
2 similar comments
|
/test all |
|
/test all |
openshift-ci-robot
added
the
jira/valid-reference
|
@swghosh: This pull request references API-1843 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.18.0" version, but no target version was set. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
Please add an appropriate PR description to explain the motivation behind this change. Neither the PR, nor the card linked really explain what we are doing here, or why |
|
@swghosh: This pull request references API-1843 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.18.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@JoelSpeed added description about the feature. |
|
/retest |
1 similar comment
|
/retest |
|
According to the upstream documentation, this feature is stable as of 1.29, which would be 4.16. It is my understanding that if an upstream feature is declared stable, and we have not otherwise specified the gate status, then the feature is already enabled. This PR appears to disable a feature that has previously been enabled. /hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/test ci/prow/verify |
|
@deads2k: The specified target(s) for
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test verify |
swghosh
force-pushed
the
dummy
branch
3 times, most recently
from
e55206a
to
5d2d7dc
Compare
swghosh
changed the title
Yes, that was the root cause causing those e2e failures Thanks @JoelSpeed! xref: https://redhat-internal.slack.com/archives/C06DXMRLXQT/p1729766294150549 |
|
Ok, I'm happy with this change, but before we merge, I'd like to see some initial reviews on the EP so that we are confident this is agreeable enough within the team and other stakeholders @tkashem, once you are happy enough with the EP that the implementation can start, please LGTM here and ping me on slack and I'll get the approval on |
openshift-merge-robot
added
the
needs-rebase
openshift-merge-robot
removed
the
needs-rebase
openshift-ci
bot
added
size/M
* generated files from `PROTO_OPTIONAL="true" make update` Signed-off-by: Swarup Ghosh <[email protected]>
|
PR is good to go, but we should get the EP into a state where the first round of reviews are in before we merge the gate, if we don't have at least some consensus, merging this would add a gate that is unneeded |
|
/test all |
|
@swghosh: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Feature: KMS Encryption Provider for sensitive etcd Resources
A user-configurable interface to support encryption of data stored in etcd using a supported Key Management Service (KMS).
OpenShift would need to align closer with KMS evolution upstream with respect to the different Kubernetes Encryption Providers available today that can encrypt resources from APIServer EncryptionConfig, https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/.
User Stories:
xref: OCPSTRAT-108, API-1684