Merge pull request #13585 from spotinst/feat-rootvol-encrypt

Spotinst: Add support for EBS root volume encryption
2022-05-01 03:33:14 -07:00 · 2022-05-01 03:33:14 -07:00 · 275264ac06
parent 095e00606a 8061b27afd
commit 275264ac06
3 changed files with 20 additions and 0 deletions
--- a/pkg/model/awsmodel/spotinst.go
+++ b/pkg/model/awsmodel/spotinst.go
@ -712,6 +712,13 @@ func (b *SpotInstanceGroupModelBuilder) buildRootVolumeOpts(ig *kops.InstanceGro
 		}
 	}

+	// Encryption.
+	{
+		if fi.BoolValue(ig.Spec.RootVolumeEncryption) {
+			opts.Encryption = ig.Spec.RootVolumeEncryption
+		}
+	}
+
 	// Size.
 	{
 		size := fi.Int32Value(ig.Spec.RootVolumeSize)
--- a/upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go
+++ b/upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go
@ -79,6 +79,7 @@ type RootVolumeOpts struct {
 	IOPS         *int64
 	Throughput   *int64
 	Optimization *bool
+	Encryption   *bool
 }

 type AutoScalerOpts struct {
@ -306,6 +307,9 @@ func (e *Elastigroup) Find(c *fi.Context) (*Elastigroup, error) {
 						if b.EBS.Throughput != nil {
 							actual.RootVolumeOpts.Throughput = fi.Int64(int64(fi.IntValue(b.EBS.Throughput)))
 						}
+						if b.EBS.Encrypted != nil {
+							actual.RootVolumeOpts.Encryption = b.EBS.Encrypted
+						}
 					}
 				}
 			}
@ -1394,6 +1398,7 @@ type terraformElastigroupBlockDevice struct {
 	VolumeSize          *int64  `cty:"volume_size"`
 	VolumeIOPS          *int64  `cty:"iops"`
 	VolumeThroughput    *int64  `cty:"throughput"`
+	Encrypted           *bool   `cty:"encrypted"`
 	DeleteOnTermination *bool   `cty:"delete_on_termination"`
 }

@ -1594,6 +1599,7 @@ func (_ *Elastigroup) RenderTerraform(t *terraform.TerraformTarget, a, e, change
 					VolumeSize:          rootDevice.EbsVolumeSize,
 					VolumeIOPS:          rootDevice.EbsVolumeIops,
 					VolumeThroughput:    rootDevice.EbsVolumeThroughput,
+					Encrypted:           rootDevice.EbsEncrypted,
 					DeleteOnTermination: fi.Bool(true),
 				}

@ -1780,6 +1786,7 @@ func buildRootDevice(cloud awsup.AWSCloud, volumeOpts *RootVolumeOpts,
 		DeviceName:             img.RootDeviceName,
 		EbsVolumeSize:          volumeOpts.Size,
 		EbsVolumeType:          volumeOpts.Type,
+		EbsEncrypted:           volumeOpts.Encryption,
 		EbsDeleteOnTermination: fi.Bool(true),
 	}

@ -1806,6 +1813,7 @@ func (e *Elastigroup) convertBlockDeviceMapping(in *awstasks.BlockDeviceMapping)
 		out.EBS = &aws.EBS{
 			VolumeType:          in.EbsVolumeType,
 			VolumeSize:          fi.Int(int(fi.Int64Value(in.EbsVolumeSize))),
+			Encrypted:           in.EbsEncrypted,
 			DeleteOnTermination: in.EbsDeleteOnTermination,
 		}

--- a/upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go
+++ b/upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go
@ -220,6 +220,9 @@ func (o *LaunchSpec) Find(c *fi.Context) (*LaunchSpec, error) {
 					if b.EBS.Throughput != nil {
 						actual.RootVolumeOpts.Throughput = fi.Int64(int64(fi.IntValue(b.EBS.Throughput)))
 					}
+					if b.EBS.Encrypted != nil {
+						actual.RootVolumeOpts.Encryption = b.EBS.Encrypted
+					}
 				}
 			}
 		}
@ -876,6 +879,7 @@ type terraformBlockDeviceMappingEBS struct {
 	VolumeSize          *int64  `cty:"volume_size"`
 	VolumeIOPS          *int64  `cty:"iops"`
 	VolumeThroughput    *int64  `cty:"throughput"`
+	Encrypted           *bool   `cty:"encrypted"`
 	DeleteOnTermination *bool   `cty:"delete_on_termination"`
 }

@ -981,6 +985,7 @@ func (_ *LaunchSpec) RenderTerraform(t *terraform.TerraformTarget, a, e, changes
 				VolumeSize:          rootDevice.EbsVolumeSize,
 				VolumeIOPS:          rootDevice.EbsVolumeIops,
 				VolumeThroughput:    rootDevice.EbsVolumeThroughput,
+				Encrypted:           rootDevice.EbsEncrypted,
 				DeleteOnTermination: fi.Bool(true),
 			},
 		})