Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:

Activity Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
CNTRLPLANE-243
Story Points:
8

Target Version:
None
Release Blocker:
None
Sprint:
OAPE Sprint 263, OAPE Sprint 265, OAPE Sprint 267, CBOR/KMS Sprint 5, CBOR/KMS Sprint 6

Risk Probability:
None

The APIServer Encryption configuration is the single point of entry for configuring KMS encryption.

OpenShift will manage the KMS plugin on behalf of the user on both releases, TP and GA.

At the moment of writing, the KMS plugin will be deployed as a static pod. The various openshift apiservers will either:

Each deploy their own kms plugin static pod
Share the socket for the one kms plugin static pod (the approach taken in the PRs linked to this ticket)

We'll probably go with 1.

is cloned by

API-1904 Support dynamic KMS plugin image references in kube-apiserver operator

New

links to

openshift/cluster-authentication-operator#749: API-1845: ingrate with KMS encryption provider

openshift/cluster-kube-apiserver-operator#1781: API-1845: ingrate with KMS encryption provider

openshift/cluster-openshift-apiserver-operator#610: API-1845: ingrate with KMS encryption provider

Assignee:: Damien Grisonnet

Reporter:: Damien Grisonnet

Need Info From:: None

Contributors:: None

QA Contact:: None

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/09/20 2:21 PM

Updated:: 2025/10/10 1:48 PM