Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API-1701: [PoC] Encryption with KMS #1625

Draft
wants to merge 19 commits into
base: master
Choose a base branch
from
Draft

API-1701: [PoC] Encryption with KMS #1625

wants to merge 19 commits into from

Commits on Jan 17, 2024

  1. revert dev cert rotation for 4.13

    @tkashem @swghosh
    tkashem authored and swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    52eef41 View commit details
    Browse the repository at this point in the history

  2. Update pod.yaml in bindata to add cloud kms plugin 

    Co-authored-by: Chirag Kyal <[email protected]>
    @swghosh @chiragkyal
    swghosh and chiragkyal committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    4314747 View commit details
    Browse the repository at this point in the history

  3. Add a draft kmse

    @swghosh
    swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    824bccc View commit details
    Browse the repository at this point in the history

  4. Add kms-plugin socket dir mountpath to kube-apiserver

    @swghosh
    swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    a9f27da View commit details
    Browse the repository at this point in the history

  5. Draft, but workable: EncStateController copied from library-go

    @swghosh
    swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    0ef7261 View commit details
    Browse the repository at this point in the history

  6. Patch encryption-config object to add kms as first provider

    @swghosh
    swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    ac18eb1 View commit details
    Browse the repository at this point in the history

  7. For decrypting the kms enc

    @swghosh
    swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    32a491e View commit details
    Browse the repository at this point in the history

  8. Add hack-kms directory 

    * sh script to run operator locally
* example openshift encryption-config for aescbc encrypted and decrypted
* example desired encryption-config with kms

Signed-off-by: Swarup Ghosh <[email protected]>
    @swghosh
    swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    b22c714 View commit details
    Browse the repository at this point in the history

  9. Add gcloud-cmd.sh, operator local run shell script update 

    Signed-off-by: Swarup Ghosh <[email protected]>
    @swghosh
    swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    14e3003 View commit details
    Browse the repository at this point in the history

  10. Up up

    @swghosh
    swghosh committed Jan 17, 2024
    Configuration menu
    Copy the full SHA
    d1c18b4 View commit details
    Browse the repository at this point in the history

Commits on Jan 23, 2024

  1. Add aws kms static assets for 

    hacky kms setup pod
    @swghosh
    swghosh committed Jan 23, 2024
    Configuration menu
    Copy the full SHA
    262f220 View commit details
    Browse the repository at this point in the history

Commits on Jan 24, 2024

  1. Add aws kms templated injection

    @swghosh
    swghosh committed Jan 24, 2024
    Configuration menu
    Copy the full SHA
    ec08943 View commit details
    Browse the repository at this point in the history

  2. Fill values to aws vars in kms container through target config contro… 

    …ller
    @swghosh
    swghosh committed Jan 24, 2024
    Configuration menu
    Copy the full SHA
    2ea0d38 View commit details
    Browse the repository at this point in the history

  3. Update kms plugin liveness probe freq

    @swghosh
    swghosh committed Jan 24, 2024
    Configuration menu
    Copy the full SHA
    c9a3b27 View commit details
    Browse the repository at this point in the history

  4. Minor nit

    @swghosh
    swghosh committed Jan 24, 2024
    Configuration menu
    Copy the full SHA
    e8cc4de View commit details
    Browse the repository at this point in the history

Commits on Jan 25, 2024

  1. Smarter kms instantiation but still way hacky

    @swghosh
    swghosh committed Jan 25, 2024
    Configuration menu
    Copy the full SHA
    de740a4 View commit details
    Browse the repository at this point in the history

  2. Use KMS v2

    @swghosh
    swghosh committed Jan 25, 2024
    Configuration menu
    Copy the full SHA
    89e70b4 View commit details
    Browse the repository at this point in the history

  3. Now run KMSv2 e2e on a running AWS cluster with one command: 

    bash hack-kms/run-operator-locally.sh
    @swghosh
    swghosh committed Jan 25, 2024
    Configuration menu
    Copy the full SHA
    bd40458 View commit details
    Browse the repository at this point in the history

Commits on Apr 2, 2024

  1. Patch encryption config name with count prefix 

    this is due to upstream changes in EncryptionConfig loader for k8s v1.29+

Signed-off-by: Swarup Ghosh <[email protected]>
    @swghosh
    swghosh committed Apr 2, 2024
    Configuration menu
    Copy the full SHA
    e3f3e37 View commit details
    Browse the repository at this point in the history