project: Linode Disk Encryption #541

Merged
merged 13 commits into from
Jul 23, 2024
Linode Disk Encryption Support (#503)
* Add Linode DiskEncryption fields

DiskEncryption can be set at Linode creation time, however it cannot be
altered after instance creation.

* Add DiskEncryption fields to LKENodePools

Disk encryption on LKENodePool instances is not configurable and is
enabled by default.
NOT have disk encryption enabled. As such there is no option to set
DiskEncryption on LKENodePools at creation time but the status of
DiskEncryption is returned from the API when viewing LKENodePools.

* DiskEncryption integration tests

* Update k8s to supported version

* Add check for LKE nodepool disk encryption

New node pools have disk encryption enabled by default

* Target DCs with Disk Encryption

* Update LKE tests & fixtures

* Add LKEClusterID to instance struct

Add test to validate the field

* Add DiskEncryption to disks, linode create and rebuild opts

Add new tests for listing disks with encryption and rebuilding disks with encryption. New tests are required as Disk Encryption is not live yet

* Update alpine image to latest

Image is available in dev

* Check Linode LKE clusterID field

This does not yet work in dev so test addition is commented out

* Fix ClusterNodesReady desc

Bad pasta

Co-authored-by: Lena Garber <114949949+lgarber-akamai@users.noreply.github.com>

---------

Co-authored-by: Lena Garber <lgarber@akamai.com>
Co-authored-by: Lena Garber <114949949+lgarber-akamai@users.noreply.github.com>
3 people authored May 16, 2024
commit dc61b1db781e7d3dae5faba7b371f684b734efa9
4 changes: 2 additions & 2 deletions go.work.sum
Expand Up @@ -8,6 +8,7 @@ cloud.google.com/go/compute/metadata v0.2.0 h1:nBbNSZyDpkNlo3DepaaLKVuO7ClyifSAm
cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
cloud.google.com/go/datastore v1.1.0 h1:/May9ojXjRkPBNVrq+oWLqmWCkr4OU5uRY29bu0mRyQ=
cloud.google.com/go/pubsub v1.3.1 h1:ukjixP1wl0LpnZ6LWtZJ0mX5tBmjp1f8Sqer8Z2OMUU=
Expand Down Expand Up @@ -201,6 +202,7 @@ golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1m
golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6 h1:QE6XYQK6naiK1EPAe1g/ILLxN5RBoH5xkJk3CqlMI/Y=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
Expand Down Expand Up @@ -235,8 +237,6 @@ golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
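--- a/instance_disks.go
+++ b/instance_disks.go
@@ -12,13 +12,14 @@ import (
 
 // InstanceDisk represents an Instance Disk object
 type InstanceDisk struct {
-	ID int `json:"id"`
-	Label string `json:"label"`
-	Status DiskStatus `json:"status"`
-	Size int `json:"size"`
-	Filesystem DiskFilesystem `json:"filesystem"`
-	Created *time.Time `json:"-"`
-	Updated *time.Time `json:"-"`
+	ID int `json:"id"`
+	Label string `json:"label"`
+	Status DiskStatus `json:"status"`
+	Size int `json:"size"`
+	Filesystem DiskFilesystem `json:"filesystem"`
+	Created *time.Time `json:"-"`
+	Updated *time.Time `json:"-"`
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption"`
 }
 
 // DiskFilesystem constants start with Filesystem and include Linode API Filesystems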
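--- a/instances.go
+++ b/instances.go
@@ -43,25 +43,27 @@ const (
 
 // Instance represents a linode object
 type Instance struct {
-	ID int `json:"id"`
-	Created *time.Time `json:"-"`
-	Updated *time.Time `json:"-"`
-	Region string `json:"region"`
-	Alerts *InstanceAlert `json:"alerts"`
-	Backups *InstanceBackup `json:"backups"`
-	Image string `json:"image"`
-	Group string `json:"group"`
-	IPv4 []*net.IP `json:"ipv4"`
-	IPv6 string `json:"ipv6"`
-	Label string `json:"label"`
-	Type string `json:"type"`
-	Status InstanceStatus `json:"status"`
-	HasUserData bool `json:"has_user_data"`
-	Hypervisor string `json:"hypervisor"`
-	HostUUID string `json:"host_uuid"`
-	Specs *InstanceSpec `json:"specs"`
-	WatchdogEnabled bool `json:"watchdog_enabled"`
-	Tags []string `json:"tags"`
+	ID int `json:"id"`
+	Created *time.Time `json:"-"`
+	Updated *time.Time `json:"-"`
+	Region string `json:"region"`
+	Alerts *InstanceAlert `json:"alerts"`
+	Backups *InstanceBackup `json:"backups"`
+	Image string `json:"image"`
+	Group string `json:"group"`
+	IPv4 []*net.IP `json:"ipv4"`
+	IPv6 string `json:"ipv6"`
+	Label string `json:"label"`
+	Type string `json:"type"`
+	Status InstanceStatus `json:"status"`
+	HasUserData bool `json:"has_user_data"`
+	Hypervisor string `json:"hypervisor"`
+	HostUUID string `json:"host_uuid"`
+	Specs *InstanceSpec `json:"specs"`
+	WatchdogEnabled bool `json:"watchdog_enabled"`
+	Tags []string `json:"tags"`
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption"`
+	LKEClusterID int `json:"lke_cluster_id"`
 }
 
 // InstanceSpec represents a linode spec
@@ -92,6 +94,13 @@ type InstanceBackup struct {
 	} `json:"schedule,omitempty"`
 }
 
+type InstanceDiskEncryption string
+
+const (
+	InstanceDiskEncryptionEnabled InstanceDiskEncryption = "enabled"
+	InstanceDiskEncryptionDisabled InstanceDiskEncryption = "disabled"
+)
+
 // InstanceTransfer pool stats for a Linode Instance during the current billing month
 type InstanceTransfer struct {
 	// Bytes of transfer this instance has consumed
@@ -129,6 +138,7 @@ type InstanceCreateOptions struct {
 	Tags []string `json:"tags,omitempty"`
 	Metadata *InstanceMetadataOptions `json:"metadata,omitempty"`
 	FirewallID int `json:"firewall_id,omitempty"`
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption,omitempty"`
 
 	// Creation fields that need to be set explicitly false, "", or 0 use pointers
 	SwapSize *int `json:"swap_size,omitempty"`
@@ -377,6 +387,7 @@ type InstanceRebuildOptions struct {
 	Booted *bool `json:"booted,omitempty"`
 	Metadata *InstanceMetadataOptions `json:"metadata,omitempty"`
 	Type string `json:"type,omitempty"`
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption,omitempty"`
 }
 
 // RebuildInstance Deletes all Disks and Configs on this Linode,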
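Review bot: The exported type `InstanceDiskEncryption` and its two constants in the second hunk carry no doc comments, while every other exported type in this file has one (`// Instance represents a linode object`, `// InstanceTransfer pool stats ...`), so `go vet`/lint conventions and godoc readers lose the meaning of the new values. Suggest `// InstanceDiskEncryption is the disk encryption state the API reports for a Linode or disk.` on the type and `// Values the API accepts and returns for disk_encryption.` on the const block. The commit description states that DiskEncryption can be set at creation but cannot be altered afterwards; the `DiskEncryption` field on `InstanceCreateOptions` in the third hunk would benefit from a one-line comment recording that, e.g. `// DiskEncryption is only honoured at creation time (per API docs); see the rebuild options for the other path that accepts it.` so a caller does not expect an update call to change it.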
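--- a/k8s/pkg/condition/lke.go
+++ b/k8s/pkg/condition/lke.go
@@ -33,9 +33,39 @@ func ClusterHasReadyNode(ctx context.Context, options linodego.ClusterConditionO
 	return false, nil
 }
 
+// ClusterNodesReady is a ClusterConditionFunc which polls for all nodes to have the
+// condition NodeReady=True.
+func ClusterNodesReady(ctx context.Context, options linodego.ClusterConditionOptions) (bool, error) {
+	clientset, err := k8s.BuildClientsetFromConfig(options.LKEClusterKubeconfig, options.TransportWrapper)
+	if err != nil {
+		return false, err
+	}
+
+	nodes, err := clientset.CoreV1().Nodes().List(ctx, v1.ListOptions{})
+	if err != nil {
+		return false, fmt.Errorf("failed to get nodes for cluster: %w", err)
+	}
+
+	for _, node := range nodes.Items {
+		for _, condition := range node.Status.Conditions {
+			if condition.Type == corev1.NodeReady && condition.Status != corev1.ConditionTrue {
+				return false, nil
+			}
+		}
+	}
+	return true, nil
+}
+
 // WaitForLKEClusterReady polls with a given timeout for the LKE Cluster's api-server
 // to be healthy and for the cluster to have at least one node with the NodeReady
 // condition true.
 func WaitForLKEClusterReady(ctx context.Context, client linodego.Client, clusterID int, options linodego.LKEClusterPollOptions) error {
 	return client.WaitForLKEClusterConditions(ctx, clusterID, options, ClusterHasReadyNode)
 }
+
+// WaitForLKEClusterAndNodesReady polls with a given timeout for the LKE
+// Cluster's api-server to be healthy and for all cluster nodes to have the
+// NodeReady condition true.
+func WaitForLKEClusterAndNodesReady(ctx context.Context, client linodego.Client, clusterID int, options linodego.LKEClusterPollOptions) error {
+	return client.WaitForLKEClusterConditions(ctx, clusterID, options, ClusterNodesReady)
+}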
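Review bot: `ClusterNodesReady` returns `true, nil` when `nodes.Items` is empty, because the loop is vacuously satisfied, so `WaitForLKEClusterAndNodesReady` reports a cluster whose nodes have not registered with the api-server yet as ready; the pre-existing `ClusterHasReadyNode` (its tail is the context at the top of the hunk) falls through to `return false, nil` instead. A node that has not yet published a `NodeReady` condition at all passes for the same reason, since the inner loop only rejects a present-but-not-True condition. The loop should require at least one node and an explicit `NodeReady=True` on each; the rewritten body is below, the clientset and list calls are unchanged. The `failed to get nodes` wording also differs from the wrap-with-context style the tips recommend (`listing nodes for cluster: %w`), but that is cosmetic.
```go
	if len(nodes.Items) == 0 {
		return false, nil
	}

	for _, node := range nodes.Items {
		ready := false
		for _, condition := range node.Status.Conditions {
			if condition.Type == corev1.NodeReady {
				ready = condition.Status == corev1.ConditionTrue
				break
			}
		}
		if !ready {
			return false, nil
		}
	}
	return true, nil
```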
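--- a/lke_node_pools.go
+++ b/lke_node_pools.go
@@ -47,7 +47,8 @@ type LKENodePool struct {
 	Linodes []LKENodePoolLinode `json:"nodes"`
 	Tags []string `json:"tags"`
 
-	Autoscaler LKENodePoolAutoscaler `json:"autoscaler"`
+	Autoscaler LKENodePoolAutoscaler `json:"autoscaler"`
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption,omitempty"`
 }
 
 // LKENodePoolCreateOptions fields are those accepted by CreateLKENodePool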
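Review bot: The new `DiskEncryption` field on `LKENodePool` is tagged `json:"disk_encryption,omitempty"`, whereas the same field added to `Instance` and `InstanceDisk` in this commit uses `json:"disk_encryption"` without `omitempty`; on a struct that is decoded from API responses `omitempty` has no effect, so it reads as if the pool field were an input that may be omitted. Per the commit description the value is not settable on node pools and is only reported by the API, which is worth stating on the field: `// DiskEncryption is reported by the API and is not configurable when creating a pool.` Dropping `omitempty` would keep the three response structs consistent; if it is kept, a short comment on why this one differs would avoid the question on the next review.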