CNTRLPLANE-3367: Add KMS key rotation section#2041
Conversation
This covers an annotation-based approach to detect and migrate on external KEK changes in the KMS plugin architecture. This design differs from openshift#2036 by centralizing everything in the existing key controller instead of creating a new rotation controller.
|
@tjungblu: This pull request references CNTRLPLANE-3367 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
@tjungblu: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/lgtm |
This covers an annotation-based approach to detect and migrate on external KEK changes in the KMS plugin architecture.
This design differs from #2036 by centralizing everything in the existing key controller instead of creating a new rotation controller.