Add Google cloudkms service to gce cloud provider

2025-08-10 20:42:26 +00:00 · 2017-06-27 17:28:32 -07:00 · 2017-06-27 17:28:32 -07:00 · 57e8461662
commit 57e8461662
parent b47dc4704b
2 changed files with 21 additions and 2 deletions
--- a/pkg/cloudprovider/providers/gce/BUILD
+++ b/pkg/cloudprovider/providers/gce/BUILD
@ -55,6 +55,7 @@ go_library(
        "//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
        "//vendor/golang.org/x/oauth2:go_default_library",
        "//vendor/golang.org/x/oauth2/google:go_default_library",
+        "//vendor/google.golang.org/api/cloudkms/v1:go_default_library",
        "//vendor/google.golang.org/api/compute/v0.beta:go_default_library",
        "//vendor/google.golang.org/api/compute/v1:go_default_library",
        "//vendor/google.golang.org/api/container/v1:go_default_library",
--- a/pkg/cloudprovider/providers/gce/gce.go
+++ b/pkg/cloudprovider/providers/gce/gce.go
@ -25,9 +25,9 @@ import (
 	"sync"
 	"time"

-	"cloud.google.com/go/compute/metadata"
+	gcfg "gopkg.in/gcfg.v1"

-	"gopkg.in/gcfg.v1"
+	"cloud.google.com/go/compute/metadata"

 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
@ -38,6 +38,7 @@ import (
 	"github.com/golang/glog"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
+	cloudkms "google.golang.org/api/cloudkms/v1"
 	computebeta "google.golang.org/api/compute/v0.beta"
 	compute "google.golang.org/api/compute/v1"
 	container "google.golang.org/api/container/v1"
@ -85,6 +86,7 @@ type GCECloud struct {
 	service                  *compute.Service
 	serviceBeta              *computebeta.Service
 	containerService         *container.Service
+	cloudkmsService          *cloudkms.Service
 	clientBuilder            controller.ControllerClientBuilder
 	projectID                string
 	region                   string
@ -153,6 +155,16 @@ func (g *GCECloud) GetComputeService() *compute.Service {
 	return g.service
 }

+// Raw access to the cloudkmsService of GCE cloud. Required for encryption of etcd using Google KMS.
+func (g *GCECloud) GetKMSService() *cloudkms.Service {
+	return g.cloudkmsService
+}
+
+// Returns the ProjectID corresponding to the project this cloud is in.
+func (g *GCECloud) GetProjectID() string {
+	return g.projectID
+}
+
 // newGCECloud creates a new instance of GCECloud.
 func newGCECloud(config io.Reader) (*GCECloud, error) {
 	projectID, zone, err := getProjectAndZone()
@ -244,6 +256,11 @@ func CreateGCECloud(projectID, region, zone string, managedZones []string, netwo
 		return nil, err
 	}

+	cloudkmsService, err := cloudkms.New(client)
+	if err != nil {
+		return nil, err
+	}
+
 	if networkURL == "" {
 		networkName, err := getNetworkNameViaAPICall(service, projectID)
 		if err != nil {
@ -274,6 +291,7 @@ func CreateGCECloud(projectID, region, zone string, managedZones []string, netwo
 		service:                  service,
 		serviceBeta:              serviceBeta,
 		containerService:         containerService,
+		cloudkmsService:          cloudkmsService,
 		projectID:                projectID,
 		networkProjectID:         networkProjectID,
 		onXPN:                    onXPN,