This change enables hot reload of the encryption config file when the API server
flag --encryption-provider-config-automatic-reload is set to true. This
allows the user to change the encryption config file without restarting
kube-apiserver. The change is detected by polling the file and is done
by using an fsnotify watcher. When the file is updated, it's processed to generate
a new set of transformers and close the old ones.

Signed-off-by: Nilekh Chaudhari <1626598+nilekhc@users.noreply.github.com>

This change updates the API server code to load the encryption
config once at start up instead of multiple times. Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps. This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.

Signed-off-by: Monis Khan <mok@microsoft.com>

The ServerResources function was deprecated, and the ServerGroupsAndResources
function is suggested instead.
This PR removes the ServerResources function and moves every place to use ServerGroupsAndResources.

The unit test for controlplane produces a warning caused by using deprecated default cluster IPs.

    make test WHAT=./pkg/controlplane GOFLAGS=-v
    W1015 07:42:59.203836 111754 services.go:37] No CIDR for service cluster IPs specified. Default value which was 10.0.0.0/24 is deprecated and will be removed in future releases. Please specify it using --service-cluster-ip-range on kube-apiserver.

This warning appears in six tests, TestValidOpenAPISpec, TestLegacyRestStorageStrategies, TestCertificatesRestStorageStrategies, TestVersion, TestAPIVersionOfDiscoveryEndpoints, TestStorageVersionHashes and TestStorageVersionHashEqualities.
This patch fixes the warning by passing ServiceIPRange.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>