support asymmetric encryption algorithms in ClusterConfigration #11751
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
the
size/XS
| @@ -236,3 +236,6 @@ kube_apiserver_tracing_sampling_rate_per_million: 100 | |||
|
|
|||
| # Enable kubeadm file discovery if anonymous access has been removed | |||
| kubeadm_use_file_discovery: "{{ remove_anonymous_access }}" | |||
|
|
|||
| # Set the asymmetric encryption algorithm for the cluster's keys and certificates | |||
| kube_asym_encryption_algorithm: "RSA-2048" | |||
There was a problem hiding this comment.
| kube_asym_encryption_algorithm: "RSA-2048" | |
| kube_asymmetric_encryption_algorithm: "RSA-2048" |
Not worth saving some character over this.
Also, can you add a link here to the relevant Kubernetes documentation ?
k8s-ci-robot
added
the
ok-to-test
Signed-off-by: bo.jiang <[email protected]>
ErikJiang
force-pushed
the
add_kube_encryption_algorithm
branch
from
edec694 to
af00f70
Compare
ErikJiang
changed the title
| @@ -236,3 +236,8 @@ kube_apiserver_tracing_sampling_rate_per_million: 100 | |||
|
|
|||
| # Enable kubeadm file discovery if anonymous access has been removed | |||
| kubeadm_use_file_discovery: "{{ remove_anonymous_access }}" | |||
|
|
|||
| # Supported asymmetric encryption algorithm types for the cluster's keys and certificates. | |||
| # can be one of RSA-2048(default), RSA-3072, RSA-4096, ECDSA-P256 | |||
There was a problem hiding this comment.
The upstream docs apparently disagree:
encryptionAlgorithm holds the type of asymmetric encryption algorithm used for keys and certificates. Can be "RSA" (default algorithm, key size is 2048) or "ECDSA" (uses the P-256 elliptic curve).
But given kubernetes/kubernetes#123054 I assume the docs are outdated
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ErikJiang, VannTen The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
Hum, I wanted to ask you to add some variations in the CI to test this, I forgot about it... 😄 |
…igs#11751)" This reverts commit 9f01eff.
|
/release-note-edit (Since we're reverting this) |
|
/release-note-none |
|
@VannTen: you can only set the release note label to release-note-none if the release-note block in the PR body text is empty or "none". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
release-note-none
Signed-off-by: bo.jiang <[email protected]>
…igs#11751)" (kubernetes-sigs#11756) This reverts commit 9f01eff.
What type of PR is this?
/kind feature
What this PR does / why we need it:
Add
ClusterConfiguration.encryptionAlgorithmto specify an asymmetric encryption algorithm for the cluster's certificates and keys.Which issue(s) this PR fixes:
Fixes #11749
Special notes for your reviewer:
Does this PR introduce a user-facing change?: