kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #398 from yissachar/encrypt-etcd-volumes 

Add option to encrypt Etcd volumes
This commit is contained in:
Justin Santa Barbara 2016-09-08 00:19:20 -04:00 committed by GitHub
parent 466ee35787 8c3b2274d9
commit 1f67271650
3 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
upup/models/proto/_aws/master_volumes.yaml
View File

@ -6,6 +6,8 @@ ebsVolume/{{$m.Name}}.etcd-{{$etcd.Name}}.{{ ClusterName }}:
availabilityZone: {{ $m.Zone }} availabilityZone: {{ $m.Zone }}
sizeGB: {{ or $m.VolumeSize 20 }} sizeGB: {{ or $m.VolumeSize 20 }}
volumeType: {{ or $m.VolumeType "gp2" }} volumeType: {{ or $m.VolumeType "gp2" }}
kmsKeyId: {{ $m.KmsKeyId }}
encrypted: {{ or $m.EncryptedVolume false }}
tags: tags:
{{ range $k, $v := EtcdClusterMemberTags $etcd $m }} {{ range $k, $v := EtcdClusterMemberTags $etcd $m }}
{{ $k }}: "{{ $v }}" {{ $k }}: "{{ $v }}"

10
upup/pkg/api/cluster.go
View File

@ -240,11 +240,13 @@ type EtcdClusterSpec struct {
type EtcdMemberSpec struct { type EtcdMemberSpec struct {
// Name is the name of the member within the etcd cluster // Name is the name of the member within the etcd cluster
Name string `json:"name,omitempty"` Name string `json:"name,omitempty"`
Zone string `json:"zone,omitempty"` Zone string `json:"zone,omitempty"`
VolumeType string `json:"volumeType,omitempty"` VolumeType string `json:"volumeType,omitempty"`
VolumeSize int `json:"volumeSize,omitempty"` VolumeSize int `json:"volumeSize,omitempty"`
KmsKeyId string `json:"kmsKeyId,omitempty"`
EncryptedVolume bool `json:"encryptedVolume,omitempty"`
} }
type ClusterZoneSpec struct { type ClusterZoneSpec struct {

10
upup/pkg/fi/cloudup/awstasks/ebsvolume.go
View File

@ -17,6 +17,8 @@ type EBSVolume struct {
AvailabilityZone *string AvailabilityZone *string
VolumeType *string VolumeType *string
SizeGB *int64 SizeGB *int64
KmsKeyId *string
Encrypted *bool
Tags map[string]string Tags map[string]string
} }
@ -76,6 +78,8 @@ func (e *EBSVolume) find(cloud *awsup.AWSCloud) (*EBSVolume, error) {
AvailabilityZone: v.AvailabilityZone, AvailabilityZone: v.AvailabilityZone,
VolumeType: v.VolumeType, VolumeType: v.VolumeType,
SizeGB: v.Size, SizeGB: v.Size,
KmsKeyId: v.KmsKeyId,
Encrypted: v.Encrypted,
Name: e.Name, Name: e.Name,
} }
@ -111,6 +115,8 @@ func (_ *EBSVolume) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *EBSVolume) e
Size: e.SizeGB, Size: e.SizeGB,
AvailabilityZone: e.AvailabilityZone, AvailabilityZone: e.AvailabilityZone,
VolumeType: e.VolumeType, VolumeType: e.VolumeType,
KmsKeyId: e.KmsKeyId,
Encrypted: e.Encrypted,
} }
response, err := t.Cloud.EC2.CreateVolume(request) response, err := t.Cloud.EC2.CreateVolume(request)
@ -128,6 +134,8 @@ type terraformVolume struct {
AvailabilityZone *string `json:"availability_zone"` AvailabilityZone *string `json:"availability_zone"`
Size *int64 `json:"size"` Size *int64 `json:"size"`
Type *string `json:"type"` Type *string `json:"type"`
KmsKeyId *string `json:"kmsKeyId"`
Encrypted *bool `json:"encrypted"`
Tags map[string]string `json:"tags,omitempty"` Tags map[string]string `json:"tags,omitempty"`
} }
@ -136,6 +144,8 @@ func (_ *EBSVolume) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
AvailabilityZone: e.AvailabilityZone, AvailabilityZone: e.AvailabilityZone,
Size: e.SizeGB, Size: e.SizeGB,
Type: e.VolumeType, Type: e.VolumeType,
KmsKeyId: e.KmsKeyId,
Encrypted: e.Encrypted,
Tags: e.Tags, Tags: e.Tags,
} }