Merge pull request #67139 from NetApp/dev-random-fix-67091

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md.

Fix an issue about generation of secret key with invalid key size in gce

Replace /dev/random with /dev/urandom to avoid generating a secret key with an invalid key size.



**What this PR does / why we need it**:
In GCE env, AESGCM encryption of secrets by default generates a secret key with /dev/random, which sometimes generates a key with an invalid size.
This causes cluster/kube-up.sh to fail in the GCE environment.

This PR replaces /dev/random with /dev/urandom to have a secret key generated consistently with the right size.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #67091

**Special notes for your reviewer**:

**Release note**:

```release-note
cluster/gce: generate consistent key sizes in config-default.sh using /dev/urandom instead of /dev/random  
```
pull/8/head
Kubernetes Submit Queue 2018-09-05 17:13:43 -07:00 committed by GitHub
commit a555044125
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

@ -222,7 +222,7 @@ resources:
- aesgcm: - aesgcm:
keys: keys:
- name: key1 - name: key1
secret: $(dd if=/dev/random bs=32 count=1 2>/dev/null | base64 | tr -d '\r\n') secret: $(dd if=/dev/urandom iflag=fullblock bs=32 count=1 2>/dev/null | base64 | tr -d '\r\n')
EOM EOM
) )
fi fi
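
Review bot: On the new `secret:` line, `2>/dev/null` still discards any dd error and nothing checks that the value decodes to 32 bytes, so a dd that does not accept `iflag=fullblock` (a GNU extension) would leave an empty or short key in the encryption config with no visible failure. Consider generating the key into a variable before the heredoc, verifying its decoded length and aborting if it is not 32 bytes, or using a form that does not depend on dd flags such as `head -c 32 /dev/urandom | base64`. The same line also makes two changes at once, the switch to /dev/urandom and the addition of `iflag=fullblock`, while the description and release note mention only the first; please document the `fullblock` flag as well, since it is the part that tells dd to keep reading until the 32-byte block is full.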