Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recommend replicating encryption key for API data encryption at rest #44721

Merged
merged 1 commit into from
Jan 17, 2024
Merged

Recommend replicating encryption key for API data encryption at rest #44721

merged 1 commit into from
Jan 17, 2024

Conversation

sftim
Copy link
Contributor

@sftim sftim commented Jan 12, 2024

This is split out from PR #33285 in order to make a review more likely. See that PR and its previews to show the changes in a wider context.

When using API encryption at rest without KMS, document that the same encryption key must be securely replicated to all the hosts that run a kube-apiserver.

/sig security docs
/language en

@sftim
Recommend replicating encryption key
0e05396 
When using API encryption at rest without KMS, the same encryption key
must be securely replicated to all the hosts that run a kube-apiserver.

Document that.
@k8s-ci-robot k8s-ci-robot added sig/security Categorizes an issue or PR as relevant to SIG Security. sig/docs Categorizes an issue or PR as relevant to SIG Docs. language/en Issues or PRs related to English language cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jan 12, 2024
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jan 12, 2024
@netlify Netlify
Copy link

netlify bot commented Jan 12, 2024

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit 0e05396
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-io-main-staging/deploys/65a14f4b2fbc000008a1571a
😎 Deploy Preview https://deploy-preview-44721--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Princesso
Princesso reviewed Jan 13, 2024
View reviewed changes
Copy link
Contributor

@Princesso Princesso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 13, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: cf185cc48f592c1ccf7d5f862f7f66ac0e62a408

@reylejano
Copy link
Member

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: reylejano

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 17, 2024
@k8s-ci-robot k8s-ci-robot merged commit ef9194b into kubernetes:main Jan 17, 2024
6 checks passed
@sftim sftim deleted the 20240112_revise_encryption_at_rest branch January 17, 2024 23:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Princesso Princesso Princesso left review comments

@enj enj Awaiting requested review from enj

@smarterclayton smarterclayton Awaiting requested review from smarterclayton

Assignees

@Princesso Princesso

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. language/en Issues or PRs related to English language lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/docs Categorizes an issue or PR as relevant to SIG Docs. sig/security Categorizes an issue or PR as relevant to SIG Security. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sftim @k8s-ci-robot @reylejano @Princesso