feat: add azure disk encryption(SSE+CMK) support

This commit is contained in:
andyzhangx 2019-10-31 13:24:43 +00:00
parent 00deec8719
commit f10d44bad2
2 changed files with 24 additions and 11 deletions


@ -131,8 +131,9 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
availabilityZones sets.String availabilityZones sets.String
selectedAvailabilityZone string selectedAvailabilityZone string
diskIopsReadWrite string diskIopsReadWrite string
diskMbpsReadWrite string diskMbpsReadWrite string
diskEncryptionSetID string
) )
// maxLength = 79 - (4 for ".vhd") = 75 // maxLength = 79 - (4 for ".vhd") = 75
name := util.GenerateVolumeName(p.options.ClusterName, p.options.PVName, 75) name := util.GenerateVolumeName(p.options.ClusterName, p.options.PVName, 75)
@ -175,6 +176,8 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
diskIopsReadWrite = v diskIopsReadWrite = v
case "diskmbpsreadwrite": case "diskmbpsreadwrite":
diskMbpsReadWrite = v diskMbpsReadWrite = v
case "diskencryptionsetid":
diskEncryptionSetID = v
default: default:
return nil, fmt.Errorf("AzureDisk - invalid option %s in storage class", k) return nil, fmt.Errorf("AzureDisk - invalid option %s in storage class", k)
} }
@ -244,15 +247,16 @@ func (p *azureDiskProvisioner) Provision(selectedNode *v1.Node, allowedTopologie
} }
volumeOptions := &azure.ManagedDiskOptions{ volumeOptions := &azure.ManagedDiskOptions{
DiskName: name, DiskName: name,
StorageAccountType: skuName, StorageAccountType: skuName,
ResourceGroup: resourceGroup, ResourceGroup: resourceGroup,
PVCName: p.options.PVC.Name, PVCName: p.options.PVC.Name,
SizeGB: requestGiB, SizeGB: requestGiB,
Tags: tags, Tags: tags,
AvailabilityZone: selectedAvailabilityZone, AvailabilityZone: selectedAvailabilityZone,
DiskIOPSReadWrite: diskIopsReadWrite, DiskIOPSReadWrite: diskIopsReadWrite,
DiskMBpsReadWrite: diskMbpsReadWrite, DiskMBpsReadWrite: diskMbpsReadWrite,
DiskEncryptionSetID: diskEncryptionSetID,
} }
diskURI, err = diskController.CreateManagedDisk(volumeOptions) diskURI, err = diskController.CreateManagedDisk(volumeOptions)
if err != nil { if err != nil {
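Review bot: The new `diskencryptionsetid` storage-class parameter (second hunk, `diskEncryptionSetID = v`) is forwarded to the disk controller with no shape check, so a typo or a non-resource-ID value is only rejected when CreateManagedDisk calls the Azure API, at which point the error is attributed to disk creation rather than to the storage class. The sibling parameters in the same switch are also passed through verbatim, so this is consistent, but a disk encryption set is identified by an ARM resource ID and a cheap prefix check in the `case` would surface misconfiguration at the same place the `default` branch already reports invalid keys, e.g. `if !strings.HasPrefix(strings.ToLower(v), "/subscriptions/") { return nil, fmt.Errorf("AzureDisk - invalid diskencryptionsetid %q in storage class", v) }`. The parameter name is new user-facing surface and should be added to the storage-class parameter documentation alongside `diskiopsreadwrite` and `diskmbpsreadwrite`. Provision starts and ends outside these hunks.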


@ -67,6 +67,8 @@ type ManagedDiskOptions struct {
DiskIOPSReadWrite string DiskIOPSReadWrite string
// Throughput Cap (MBps) for UltraSSD disk // Throughput Cap (MBps) for UltraSSD disk
DiskMBpsReadWrite string DiskMBpsReadWrite string
// ResourceId of the disk encryption set to use for enabling encryption at rest.
DiskEncryptionSetID string
} }
//CreateManagedDisk : create managed disk //CreateManagedDisk : create managed disk
@ -129,6 +131,13 @@ func (c *ManagedDiskController) CreateManagedDisk(options *ManagedDiskOptions) (
} }
} }
if options.DiskEncryptionSetID != "" {
diskProperties.Encryption = &compute.Encryption{
DiskEncryptionSetID: &options.DiskEncryptionSetID,
Type: compute.EncryptionAtRestWithCustomerKey,
}
}
model := compute.Disk{ model := compute.Disk{
Location: &c.common.location, Location: &c.common.location,
Tags: newTags, Tags: newTags,
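Review bot: In the CreateManagedDisk hunk the request model keeps a pointer into the caller's struct, `DiskEncryptionSetID: &options.DiskEncryptionSetID`, so the disk model aliases `options` for as long as it lives and any later write to that field by the caller silently changes the request body; the rest of the function builds `model` from local copies (`&c.common.location`, `newTags`), so the safer and more consistent form is to copy first, `desID := options.DiskEncryptionSetID` and then `DiskEncryptionSetID: &desID`. The field comment added to ManagedDiskOptions in the first hunk would also be more useful if it stated the observable contract of this code path, e.g. `// ResourceId of the disk encryption set to use for enabling encryption at rest; when empty no Encryption block is sent and the disk is created with the platform default.` — the second half is what the `if options.DiskEncryptionSetID != ""` guard implements. The enclosing CreateManagedDisk function starts before and continues after this hunk.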