feat: add Azure disk server-side encryption with customer-managed keys (SSE+CMK) support
This commit is contained in:
parent
00deec8719
commit
f10d44bad2
@ -131,8 +131,9 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
|
|||||||
availabilityZones sets.String
|
availabilityZones sets.String
|
||||||
selectedAvailabilityZone string
|
selectedAvailabilityZone string
|
||||||
|
|
||||||
diskIopsReadWrite string
|
diskIopsReadWrite string
|
||||||
diskMbpsReadWrite string
|
diskMbpsReadWrite string
|
||||||
|
diskEncryptionSetID string
|
||||||
)
|
)
|
||||||
// maxLength = 79 - (4 for ".vhd") = 75
|
// maxLength = 79 - (4 for ".vhd") = 75
|
||||||
name := util.GenerateVolumeName(p.options.ClusterName, p.options.PVName, 75)
|
name := util.GenerateVolumeName(p.options.ClusterName, p.options.PVName, 75)
|
||||||
@ -175,6 +176,8 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
|
|||||||
diskIopsReadWrite = v
|
diskIopsReadWrite = v
|
||||||
case "diskmbpsreadwrite":
|
case "diskmbpsreadwrite":
|
||||||
diskMbpsReadWrite = v
|
diskMbpsReadWrite = v
|
||||||
|
case "diskencryptionsetid":
|
||||||
|
diskEncryptionSetID = v
|
||||||
default:
|
default:
|
||||||
return nil, fmt.Errorf("AzureDisk - invalid option %s in storage class", k)
|
return nil, fmt.Errorf("AzureDisk - invalid option %s in storage class", k)
|
||||||
}
|
}
|
||||||
@ -244,15 +247,16 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
|
|||||||
}
|
}
|
||||||
|
|
||||||
volumeOptions := &azure.ManagedDiskOptions{
|
volumeOptions := &azure.ManagedDiskOptions{
|
||||||
DiskName: name,
|
DiskName: name,
|
||||||
StorageAccountType: skuName,
|
StorageAccountType: skuName,
|
||||||
ResourceGroup: resourceGroup,
|
ResourceGroup: resourceGroup,
|
||||||
PVCName: p.options.PVC.Name,
|
PVCName: p.options.PVC.Name,
|
||||||
SizeGB: requestGiB,
|
SizeGB: requestGiB,
|
||||||
Tags: tags,
|
Tags: tags,
|
||||||
AvailabilityZone: selectedAvailabilityZone,
|
AvailabilityZone: selectedAvailabilityZone,
|
||||||
DiskIOPSReadWrite: diskIopsReadWrite,
|
DiskIOPSReadWrite: diskIopsReadWrite,
|
||||||
DiskMBpsReadWrite: diskMbpsReadWrite,
|
DiskMBpsReadWrite: diskMbpsReadWrite,
|
||||||
|
DiskEncryptionSetID: diskEncryptionSetID,
|
||||||
}
|
}
|
||||||
diskURI, err = diskController.CreateManagedDisk(volumeOptions)
|
diskURI, err = diskController.CreateManagedDisk(volumeOptions)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
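Review bot: The new `case "diskencryptionsetid":` stores the StorageClass value verbatim, while the `default:` branch right below it rejects unknown keys with a clear `AzureDisk - invalid option` error; a malformed or whitespace-padded disk encryption set ID therefore only fails later inside `CreateManagedDisk`, as an Azure error that does not name the StorageClass parameter. The neighbouring `diskiopsreadwrite` and `diskmbpsreadwrite` cases are also plain pass-throughs, so the minimal consistent improvement is to normalise here, `diskEncryptionSetID = strings.TrimSpace(v)` (assuming `strings` is already imported and `v` is not trimmed before the switch, both of which are outside the hunk), and to document the parameter on the case line: `// diskencryptionsetid: full ARM resource ID of a disk encryption set (customer-managed key); when empty, no Encryption block is sent and the disk gets Azure's default encryption.` The last part is grounded in the `!= ""` guard in CreateManagedDisk rather than anything visible in Provision itself. Provision starts and ends outside this hunk.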
|
@ -67,6 +67,8 @@ type ManagedDiskOptions struct {
|
|||||||
DiskIOPSReadWrite string
|
DiskIOPSReadWrite string
|
||||||
// Throughput Cap (MBps) for UltraSSD disk
|
// Throughput Cap (MBps) for UltraSSD disk
|
||||||
DiskMBpsReadWrite string
|
DiskMBpsReadWrite string
|
||||||
|
// ResourceId of the disk encryption set to use for enabling encryption at rest.
|
||||||
|
DiskEncryptionSetID string
|
||||||
}
|
}
|
||||||
|
|
||||||
//CreateManagedDisk : create managed disk
|
//CreateManagedDisk : create managed disk
|
||||||
@ -129,6 +131,13 @@ func (c *ManagedDiskController) CreateManagedDisk(options *ManagedDiskOptions) (
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if options.DiskEncryptionSetID != "" {
|
||||||
|
diskProperties.Encryption = &compute.Encryption{
|
||||||
|
DiskEncryptionSetID: &options.DiskEncryptionSetID,
|
||||||
|
Type: compute.EncryptionAtRestWithCustomerKey,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
model := compute.Disk{
|
model := compute.Disk{
|
||||||
Location: &c.common.location,
|
Location: &c.common.location,
|
||||||
Tags: newTags,
|
Tags: newTags,
|
||||||
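Review bot: `options.DiskEncryptionSetID` is forwarded to the Azure API untouched in the new `if` block; the only check is `!= ""`, so a value that is not an ARM resource ID (a bare DES name, a Key Vault key URL, or an ID with stray whitespace) is rejected only by the service, and the failure surfaces to the caller as an opaque disk-creation error rather than a configuration error. A wrong ID fails closed here — the disk is not created under platform keys instead — which is the right direction, but the shape should still be validated before the request, with an error message that states the expected format. The provisioner side receives `diskURI, err` from this call, so `return "", fmt.Errorf(...)` fits the signature, assuming `fmt` and `strings` are imported in this file (its import block is not in view). CreateManagedDisk starts and ends outside the hunk.

```go
	if options.DiskEncryptionSetID != "" {
		// A disk encryption set must be referenced by its full ARM resource ID.
		// Reject anything else up front so a bad StorageClass value fails as a
		// configuration error instead of an opaque disk-creation failure.
		desID := strings.ToLower(options.DiskEncryptionSetID)
		if !strings.HasPrefix(desID, "/subscriptions/") ||
			!strings.Contains(desID, "/providers/microsoft.compute/diskencryptionsets/") {
			return "", fmt.Errorf("AzureDisk - invalid DiskEncryptionSetID %q, expected format: /subscriptions/{subs-id}/resourceGroups/{rg-name}/providers/Microsoft.Compute/diskEncryptionSets/{des-name}", options.DiskEncryptionSetID)
		}
		diskProperties.Encryption = &compute.Encryption{
			DiskEncryptionSetID: &options.DiskEncryptionSetID,
			Type:                compute.EncryptionAtRestWithCustomerKey,
		}
	}
	// … unchanged: compute.Disk model construction …
```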
|