CNTRLPLANE-2711: extend kms encryption enhancement with vault KMS plugin api by flavianmissi · Pull Request #1972 · openshift/enhancements

flavianmissi · 2026-04-15T13:06:36Z

No description provided.

openshift-ci-robot · 2026-04-15T13:06:41Z

@flavianmissi: This pull request references CNTRLPLANE-2711 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2026-04-15T13:06:53Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jerpeter1 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

ardaguclu

From kms feature team point of view, these changes look good to me. Thank you.

flavianmissi · 2026-04-20T13:48:54Z

/retitle CNTRLPLANE-2711: extend kms encryption enhancement with vault KMS plugin api

everettraven

Aside from a minor comment, the EP changes look pretty good to me.

I'll do a proper API review on the corresponding openshift/api PR as part of my review process here.

ardaguclu · 2026-04-21T15:06:33Z

/lgtm

benluddy · 2026-04-27T19:28:50Z

+           tls:
+             caBundle:
+               name: vault-ca-bundle  # ConfigMap in openshift-config namespace
+             serverName: vault.example.com


Is there already a need today to make this independently configurable rather than derived from "vaultAddress"?

Sort of. The Vault KMS Plugin supports this via the --tls-sni command line argument, so it felt natural that we would too. See https://github.com/hashicorp/web-unified-docs/blob/428f75ec56f3ee7aada7069eb4c91093853e72cb/content/vault/v1.21.x/content/docs/deploy/kubernetes/kms/configuration.mdx#connection-parameters for reference.

openshift-ci · 2026-04-28T12:39:46Z

@flavianmissi: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

ardaguclu · 2026-04-29T14:19:51Z

/lgtm

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Apr 15, 2026

openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 15, 2026

openshift-ci Bot requested review from shawn-hurley and yuqi-zhang April 15, 2026 13:06

flavianmissi mentioned this pull request Apr 15, 2026

[WIP] CNTRLPLANE-2711: introduce configuration api for vault kms plugin #1954

Closed

flavianmissi force-pushed the extend-kms-ep branch 2 times, most recently from 62a8101 to 5a2fe63 Compare April 15, 2026 14:46

ardaguclu reviewed Apr 15, 2026

View reviewed changes

Comment thread enhancements/kube-apiserver/kms-encryption-foundations.md

flavianmissi force-pushed the extend-kms-ep branch 4 times, most recently from 76e73dd to fd23ae1 Compare April 20, 2026 11:58

openshift-ci Bot changed the title ~~[WIP] CNTRLPLANE-2711: extend kms encryption enhancement with vault KMS plugin api~~ CNTRLPLANE-2711: extend kms encryption enhancement with vault KMS plugin api Apr 20, 2026

openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 20, 2026

everettraven reviewed Apr 21, 2026

View reviewed changes

Comment thread enhancements/kube-apiserver/kms-encryption-foundations.md

flavianmissi force-pushed the extend-kms-ep branch from fd23ae1 to 8359471 Compare April 21, 2026 11:26

openshift-ci Bot assigned ardaguclu Apr 21, 2026

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 21, 2026

benluddy reviewed Apr 27, 2026

View reviewed changes

flavianmissi force-pushed the extend-kms-ep branch from 8359471 to 8485c2e Compare April 28, 2026 11:58

openshift-ci Bot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed lgtm Indicates that a PR is ready to be merged. labels Apr 28, 2026

flavianmissi force-pushed the extend-kms-ep branch from 8485c2e to 61a5e2c Compare April 28, 2026 12:00

openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 28, 2026

extend kms encryption enhancement with vault KMS plugin api

56b4479

flavianmissi force-pushed the extend-kms-ep branch from 61a5e2c to 56b4479 Compare April 28, 2026 12:21

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 29, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CNTRLPLANE-2711: extend kms encryption enhancement with vault KMS plugin api#1972

CNTRLPLANE-2711: extend kms encryption enhancement with vault KMS plugin api#1972
flavianmissi wants to merge 1 commit intoopenshift:masterfrom
flavianmissi:extend-kms-ep

flavianmissi commented Apr 15, 2026

Uh oh!

openshift-ci-robot commented Apr 15, 2026 •

edited by openshift-ci Bot

Loading

Uh oh!

openshift-ci Bot commented Apr 15, 2026

Uh oh!

ardaguclu left a comment

Uh oh!

Uh oh!

flavianmissi commented Apr 20, 2026 •

edited by openshift-ci Bot

Loading

Uh oh!

everettraven left a comment

Uh oh!

Uh oh!

ardaguclu commented Apr 21, 2026

Uh oh!

benluddy Apr 27, 2026

Uh oh!

flavianmissi Apr 28, 2026

Uh oh!

Uh oh!

openshift-ci Bot commented Apr 28, 2026

Uh oh!

ardaguclu commented Apr 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

flavianmissi commented Apr 15, 2026

Uh oh!

openshift-ci-robot commented Apr 15, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci Bot commented Apr 15, 2026

Uh oh!

ardaguclu left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

flavianmissi commented Apr 20, 2026 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

everettraven left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

ardaguclu commented Apr 21, 2026

Uh oh!

benluddy Apr 27, 2026

Choose a reason for hiding this comment

Uh oh!

flavianmissi Apr 28, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

openshift-ci Bot commented Apr 28, 2026

Uh oh!

ardaguclu commented Apr 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

openshift-ci-robot commented Apr 15, 2026 •

edited by openshift-ci Bot

Loading

flavianmissi commented Apr 20, 2026 •

edited by openshift-ci Bot

Loading