mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
feat: add azure disk encryption(SSE+CMK) support
parent
00deec8719
commit
f10d44bad2
@ -133,6 +133,7 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
|
|||||||
|
|
||||||
diskIopsReadWrite string
|
diskIopsReadWrite string
|
||||||
diskMbpsReadWrite string
|
diskMbpsReadWrite string
|
||||||
|
diskEncryptionSetID string
|
||||||
)
|
)
|
||||||
// maxLength = 79 - (4 for ".vhd") = 75
|
// maxLength = 79 - (4 for ".vhd") = 75
|
||||||
name := util.GenerateVolumeName(p.options.ClusterName, p.options.PVName, 75)
|
name := util.GenerateVolumeName(p.options.ClusterName, p.options.PVName, 75)
|
||||||
@ -175,6 +176,8 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
|
|||||||
diskIopsReadWrite = v
|
diskIopsReadWrite = v
|
||||||
case "diskmbpsreadwrite":
|
case "diskmbpsreadwrite":
|
||||||
diskMbpsReadWrite = v
|
diskMbpsReadWrite = v
|
||||||
|
case "diskencryptionsetid":
|
||||||
|
diskEncryptionSetID = v
|
||||||
default:
|
default:
|
||||||
return nil, fmt.Errorf("AzureDisk - invalid option %s in storage class", k)
|
return nil, fmt.Errorf("AzureDisk - invalid option %s in storage class", k)
|
||||||
}
|
}
|
||||||
@ -253,6 +256,7 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
|
|||||||
AvailabilityZone: selectedAvailabilityZone,
|
AvailabilityZone: selectedAvailabilityZone,
|
||||||
DiskIOPSReadWrite: diskIopsReadWrite,
|
DiskIOPSReadWrite: diskIopsReadWrite,
|
||||||
DiskMBpsReadWrite: diskMbpsReadWrite,
|
DiskMBpsReadWrite: diskMbpsReadWrite,
|
||||||
|
DiskEncryptionSetID: diskEncryptionSetID,
|
||||||
}
|
}
|
||||||
diskURI, err = diskController.CreateManagedDisk(volumeOptions)
|
diskURI, err = diskController.CreateManagedDisk(volumeOptions)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
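Review bot: The new `diskencryptionsetid` case stores the StorageClass value without any check, and in the visible lines it is consumed only when `volumeOptions` is built for `CreateManagedDisk`. If the same StorageClass can select a non-managed disk kind (that branch is outside these hunks, so this is an inference), the parameter would be dropped silently and the volume provisioned without the customer-managed key the operator asked for. An encryption setting should fail closed, so after the parameter loop I would reject that combination, e.g. `if kind != v1.AzureManagedDisk && diskEncryptionSetID != "" { return nil, fmt.Errorf("AzureDisk - diskEncryptionSetID can only be used with managed disks") }`, where `kind` stands for whatever variable holds the disk kind in this function. Provision starts and ends outside the hunks shown.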
|
@ -67,6 +67,8 @@ type ManagedDiskOptions struct {
|
|||||||
DiskIOPSReadWrite string
|
DiskIOPSReadWrite string
|
||||||
// Throughput Cap (MBps) for UltraSSD disk
|
// Throughput Cap (MBps) for UltraSSD disk
|
||||||
DiskMBpsReadWrite string
|
DiskMBpsReadWrite string
|
||||||
|
// ResourceId of the disk encryption set to use for enabling encryption at rest.
|
||||||
|
DiskEncryptionSetID string
|
||||||
}
|
}
|
||||||
|
|
||||||
//CreateManagedDisk : create managed disk
|
//CreateManagedDisk : create managed disk
|
||||||
@ -129,6 +131,13 @@ func (c *ManagedDiskController) CreateManagedDisk(options *ManagedDiskOptions) (
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if options.DiskEncryptionSetID != "" {
|
||||||
|
diskProperties.Encryption = &compute.Encryption{
|
||||||
|
DiskEncryptionSetID: &options.DiskEncryptionSetID,
|
||||||
|
Type: compute.EncryptionAtRestWithCustomerKey,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
model := compute.Disk{
|
model := compute.Disk{
|
||||||
Location: &c.common.location,
|
Location: &c.common.location,
|
||||||
Tags: newTags,
|
Tags: newTags,
|
||||||
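Review bot: `options.DiskEncryptionSetID` is copied into the request unvalidated in the new `if options.DiskEncryptionSetID != ""` block, so a typo or a value that is not an ARM resource ID is caught only by the Azure API, far from the StorageClass that caused it. I would check the shape before building `compute.Encryption`, e.g. `if !strings.HasPrefix(strings.ToLower(options.DiskEncryptionSetID), "/subscriptions/") { return "", fmt.Errorf("AzureDisk - DiskEncryptionSetID(%s) is not a resource ID", options.DiskEncryptionSetID) }`. That assumes the `(string, error)` return which the `diskURI, err =` call site suggests, and the file may need the `strings` import. The field comment on `ManagedDiskOptions.DiskEncryptionSetID` could also state the expected form, `// Full ARM resource ID: /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Compute/diskEncryptionSets/<name>`. CreateManagedDisk begins and continues outside this hunk.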
|