Loading...

XML

Word

Printable

Type: Feature
Resolution: Obsolete
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Core
Labels:

Work Type:
BU Product Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Parent Link:
OCPSTRAT-714Provide Detailed Administrative Control of all OCP Certs and Keys
Hierarchy Progress Bar:

40% To Do, 0% In Progress, 60% Done
Size:
XL

Risk Score:
0

Discussion Needed:

Program Call

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

PX Priority Data:
PX Technical Impact:
PX Impact Range:
PX Scheduling Request:
PX Review Complete:

Intelligence Requested:
Market:

Feature Overview (aka. Goal Summary)

Goals (aka. expected user outcomes)

Minimize the impact of encryption keys rotation
Investigate the impact of losing the primary encryption key
Improve CI job for e2e encryption
Test and document how long an encrypted etcd backup can be accessed
Investigate hitless updates of encryption configuration for api server
Document process for manual forced encryption key rotation
Improvements to ancillary dependencies (e.g. go-lang library)

Requirements (aka. Acceptance Criteria):

rotation of encryption keys should be a non-event even for a high cluster with high level of transactions

depends on

API-1534 Reduce impact of encryption key rotations

Planning

is incorporated by

API-1569 Stabilize encryption at rest

New

is related to

OCPSTRAT-555 Improvements to ETCD datastore encryption [from OCPBU-81]

Closed

relates to

OCPSTRAT-319 [internal] Explore options for hitless automatic defrag of etcd

In Progress

Assignee:: William Caban

Reporter:: William Caban

QA Contact:: Wei Sun

Doc Contact:: Stephanie Stout

Product Operations Engineering Contact:: Eric Rich

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/03/31 8:23 PM

Updated:: 2024/09/05 3:14 AM

Resolved:: 2024/04/25 4:24 PM