Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add encryption to EBS dynamic provisioner #30880

Merged
merged 1 commit into from
Aug 22, 2016
Merged

Add encryption to EBS dynamic provisioner #30880

merged 1 commit into from
Aug 22, 2016
+19 −0

Conversation

markturansky
Copy link
Contributor

@markturansky markturansky commented Aug 18, 2016
edited
Loading

Resolves #30792

Adds encryption to the EBS cloud provider and provisioner.

Follow up to #29006 (all commits but the one in this PR will drop out).

@kubernetes/sig-storage

This change is Reviewable

@markturansky
Copy link
Contributor Author

@abhgupta

@k8s-github-robot k8s-github-robot added kind/design Categorizes issue or PR as related to design. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. release-note-label-needed labels Aug 18, 2016
@markturansky markturansky mentioned this pull request Aug 18, 2016
Closed
@k8s-github-robot k8s-github-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 18, 2016
@k8s-github-robot k8s-github-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. kind/design Categorizes issue or PR as related to design. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Aug 18, 2016
@jsafrane jsafrane added sig/storage Categorizes an issue or PR as relevant to SIG Storage. team/cluster release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Aug 19, 2016
jsafrane
jsafrane reviewed Aug 19, 2016
View reviewed changes
examples/experimental/persistent-volume-provisioning/README.md
@@ -64,6 +64,8 @@ parameters:
* `type`: `io1`, `gp2`, `sc1`, `st1`. See AWS docs for details. Default: `gp2`.
* `zone`: AWS zone. If not specified, a random zone in the same region as controller-manager will be chosen.
* `iopsPerGB`: only for `io1` volumes. I/O operations per second per GiB. AWS volume plugin multiplies this with size of requested volume to compute IOPS of the volume and caps it at 20 000 IOPS (maximum supported by AWS, see AWS docs).
* `encrypted`: denotes whether the EBS volume should be encrypted or not. Valid values are `true` or `false`.
* `kmsKeyId`: optional. The full Amazon Resource Name of the key to use when encrypting the volume. If none is supplied but `encrypted` is true, a key is generated by AWS. See AWS docs for valid ARN value.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since you need to fix this PR due to compliation error, can you also add an example of ARN: arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef as below? It would help users in searching for the right format.

@jsafrane
Copy link
Member

@k8s-bot test this issue: #IGNORE

@jsafrane
Copy link
Member

weird, now it compiles without any code change

@jsafrane
Copy link
Member

LGTM to catch 1.4

@jsafrane jsafrane added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 19, 2016
@markturansky
Copy link
Contributor Author

@jsafrane thanks! I had fixed the compilation error and pushed anew, but the build wasn't triggered until you did it.

justinsb
justinsb reviewed Aug 19, 2016
View reviewed changes
pkg/cloudprovider/providers/aws/aws.go
@@ -1531,6 +1535,12 @@ func (c *Cloud) CreateDisk(volumeOptions *VolumeOptions) (string, error) {
volSize := int64(volumeOptions.CapacityGB)
request.Size = &volSize
request.VolumeType = &createType
request.Encrypted = &volumeOptions.Encrypted
request.KmsKeyId = &volumeOptions.KmsKeyId
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tend to prefer the aws.String(s) help function now that it is available (and Bool, Int64 etc friends). But just my personal preference.

Have we tested this without a KmsKeyId? Not all AWS APIs like being passed "" (which is why we have to do the whole crazy pointer dance in the first place!)

@justinsb
Copy link
Member

justinsb commented Aug 19, 2016
edited
Loading

LGTM also (with a few style nits that do not need to be fixed at this stage)

I presume e2e will pick up if there is a problem if KmsKeyId is not specified - we'll certainly find it in testing!

@markturansky
Copy link
Contributor Author

@justinsb thanks for the review. Please remove the LGTM label (though I doubt this will merge before I get the changes in). Would you be available to reapply LGTM after I implement your suggestions? @jsafrane is heading out to the pub soon (European time zone)

@k8s-bot
Copy link

k8s-bot commented Aug 22, 2016

GCE e2e build/test passed for commit 9a2645a.

@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented Aug 22, 2016

GCE e2e build/test passed for commit 9a2645a.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit a316e6d into kubernetes:master Aug 22, 2016
@vreon vreon mentioned this pull request Aug 22, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@justinsb justinsb

@jsafrane jsafrane

@rootfs rootfs

@saad-ali saad-ali

Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@markturansky @jsafrane @justinsb @k8s-bot @k8s-github-robot @smarterclayton @googlebot @rootfs @saad-ali