K8SPS-421: Add keyring vault support #938
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
egegunes
force-pushed
the
K8SPS-421
branch
2 times, most recently
from
79e5d50 to
97a85e2
Compare
egegunes
requested review from
jvpasinatto,
eleo007,
valmiranogueira,
hors,
pooknull,
nmarukovich and
gkech
as code owners
| ), | ||
| SecurityContext: spec.PodSecurityContext, | ||
| SecurityContext: spec.PodSecurityContext, | ||
| Volumes: statefulSetVolumes(cr), |
There was a problem hiding this comment.
We have some more prs that are doing almost the same for this release, so we will have conflicts here for sure.
| }, | ||
| } | ||
|
|
||
| if cr.CompareVersion("0.11.0") >= 0 { |
There was a problem hiding this comment.
Given that the operator has not been released as GA yet, I think we can skip this check, since we don't do anything similar elsewhere in the codebase at this stage, WDYT?
There was a problem hiding this comment.
no, we decided that we should do version checks starting from this release
There was a problem hiding this comment.
I can't recall the decision, but given that we don't have a related e2e test to ensure that potential changes do not break this consistency, I think we should wait for a test to exist before we start applying compare versions. cc @hors
CHANGE DESCRIPTION
This PR adds data-at-rest-encryption support using Vault keyring plugin.
To enable encryption, users need to provide the keyring configuration in a secret (
spec.mysql.vaultSecretName). Example secret can be found indeploy/vault-secret.yaml.Two new e2e-tests are added to cover this feature:
CHECKLIST
Jira
Needs Doc) and QA (Needs QA)?Tests
Config/Logging/Testability