Skip to content

Commit

Permalink
feat: enable Konnect config dumps sanitization by default (#5573)
Browse files Browse the repository at this point in the history
  • Loading branch information
@czeslavo
czeslavo authored Feb 6, 2024
1 parent cf99004 commit dbe9667
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 4 deletions.
4 changes: 3 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,8 +161,10 @@ Adding a new version? You'll need three changes:
to Konnect.
[#5453](https:/Kong/kubernetes-ingress-controller/pull/5453)
- Added `SanitizeKonnectConfigDumps` feature gate allowing to enable sanitizing
sensitive data in Konnect configuration dumps.
sensitive data (like TLS private keys, Secret-sourced Plugins configuration, etc.)
in Konnect configuration dumps. It's turned on by default.
[#5489](https:/Kong/kubernetes-ingress-controller/pull/5489)
[#5573](https:/Kong/kubernetes-ingress-controller/pull/5573)
- Kong Plugin's `config` field now is sanitized when it contains sensitive data
sourced from a Secret (i.e. `configFrom` or `configPatches` is used).
[#5495](https:/Kong/kubernetes-ingress-controller/pull/5495)
Expand Down
2 changes: 1 addition & 1 deletion FEATURE_GATES.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ Features that reach GA and over time become stable will be removed from this tab
| FillIDs | `true` | Beta | 3.0.0 | TBD |
| RewriteURIs | `false` | Alpha | 2.12.0 | TBD |
| KongServiceFacade | `false` | Alpha | 3.1.0 | TBD |
| SanitizeKonnectConfigDumps | `false` | Alpha | 3.1.0 | TBD |
| SanitizeKonnectConfigDumps | `true` | Beta | 3.1.0 | TBD |

**NOTE**: The `Gateway` feature gate refers to [Gateway
API](https:/kubernetes-sigs/gateway-api) APIs which are in
Expand Down
2 changes: 1 addition & 1 deletion internal/manager/featuregates/feature_gates.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,6 @@ func GetFeatureGatesDefaults() FeatureGates {
FillIDsFeature: true,
RewriteURIsFeature: false,
KongServiceFacade: false,
SanitizeKonnectConfigDumps: false,
SanitizeKonnectConfigDumps: true,
}
}
2 changes: 1 addition & 1 deletion test/envtest/telemetry_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -362,7 +362,7 @@ func verifyTelemetryReport(t *testing.T, k8sVersion *version.Info, report string
"feature-kongservicefacade=false;"+
"feature-konnect-sync=false;"+
"feature-rewriteuris=false;"+
"feature-sanitizekonnectconfigdumps=false;"+
"feature-sanitizekonnectconfigdumps=true;"+
"hn=%s;"+
"kv=3.4.1;"+
"rf=traditional;"+
Expand Down

0 comments on commit dbe9667

Please sign in to comment.