diff --git a/api/compute/v1alpha1/machine_types.go b/api/compute/v1alpha1/machine_types.go index 1626d9594..1050acf9a 100644 --- a/api/compute/v1alpha1/machine_types.go +++ b/api/compute/v1alpha1/machine_types.go @@ -33,7 +33,7 @@ type MachineSpec struct { // MachinePoolRef defines machine pool to run the machine in. // If empty, a scheduler will figure out an appropriate pool to run the machine in. MachinePoolRef *corev1.LocalObjectReference `json:"machinePoolRef,omitempty"` - // Power ist the desired machine power state. + // Power is the desired machine power state. // Defaults to PowerOn. Power Power `json:"power,omitempty"` // Image is the optional URL providing the operating system image of the machine. diff --git a/api/storage/v1alpha1/volume_types.go b/api/storage/v1alpha1/volume_types.go index 9bd1d1bdc..0d56bc00b 100644 --- a/api/storage/v1alpha1/volume_types.go +++ b/api/storage/v1alpha1/volume_types.go @@ -17,10 +17,11 @@ package v1alpha1 import ( - commonv1alpha1 "github.com/onmetal/onmetal-api/api/common/v1alpha1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" + + commonv1alpha1 "github.com/onmetal/onmetal-api/api/common/v1alpha1" ) // VolumeGK is a helper to easily access the GroupKind information of an Volume @@ -29,6 +30,13 @@ var VolumeGK = schema.GroupKind{ Kind: "Volume", } +// VolumeEncryption represents information to encrypt a volume. +type VolumeEncryption struct { + // SecretRef references the Secret containing the encryption key to encrypt a Volume. + // This secret is created by user with encryptionKey as Key and base64 encoded 256-bit encryption key as Value. + SecretRef corev1.LocalObjectReference `json:"secretRef"` +} + // VolumeSpec defines the desired state of Volume type VolumeSpec struct { // VolumeClassRef is the VolumeClass of a volume 
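Review bot: The `SecretRef` comment on the new `VolumeEncryption` type is the only place that fixes the contract for the referenced Secret (key name `encryptionKey`, a 256-bit key), and nothing in this hunk exports or enforces either, so a provider reading the Secret and the API's validation have no shared definition to agree on. Consider adding an exported constant next to the type, e.g. `// VolumeEncryptionSecretKey is the key in the referenced Secret that holds the volume encryption key.` followed by `const VolumeEncryptionSecretKey = "encryptionKey"` (name is a proposal, not an existing identifier), and reference it from the comment. The phrase "base64 encoded 256-bit encryption key as Value" is also ambiguous, because Secret data is already base64-encoded in manifests and delivered to readers as raw bytes; the comment should state whether the decoded value is 32 raw bytes or a base64 string that the provider decodes again. Since `SecretRef` is required but `LocalObjectReference.Name` can still be empty, the Volume validation (not part of this diff, presumably elsewhere in the repository) should reject an empty `SecretRef.Name`.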
@@ -52,6 +60,8 @@ type VolumeSpec struct { // Tolerations define tolerations the Volume has. Only any VolumePool whose taints // covered by Tolerations will be considered to host the Volume. Tolerations []commonv1alpha1.Toleration `json:"tolerations,omitempty"` + // Encryption is an optional field which provides attributes to encrypt Volume. + Encryption *VolumeEncryption `json:"encryption,omitempty"` } // VolumeAccess represents information on how to access a volume. diff --git a/api/storage/v1alpha1/zz_generated.deepcopy.go b/api/storage/v1alpha1/zz_generated.deepcopy.go index 04332e1ba..1d56d06e3 100644 --- a/api/storage/v1alpha1/zz_generated.deepcopy.go +++ b/api/storage/v1alpha1/zz_generated.deepcopy.go @@ -521,6 +521,23 @@ func (in *VolumeCondition) DeepCopy() *VolumeCondition { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumeEncryption) DeepCopyInto(out *VolumeEncryption) { + *out = *in + out.SecretRef = in.SecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeEncryption. +func (in *VolumeEncryption) DeepCopy() *VolumeEncryption { + if in == nil { + return nil + } + out := new(VolumeEncryption) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumeList) DeepCopyInto(out *VolumeList) { *out = *in @@ -737,6 +754,11 @@ func (in *VolumeSpec) DeepCopyInto(out *VolumeSpec) { *out = make([]commonv1alpha1.Toleration, len(*in)) copy(*out, *in) } + if in.Encryption != nil { + in, out := &in.Encryption, &out.Encryption + *out = new(VolumeEncryption) + **out = **in + } return } diff --git a/client-go/applyconfigurations/internal/internal.go b/client-go/applyconfigurations/internal/internal.go index 3328e70e4..90f4aa15f 100644 --- a/client-go/applyconfigurations/internal/internal.go 
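Review bot: The new `Encryption *VolumeEncryption` field in `VolumeSpec` carries no statement about whether it may change after the volume exists, and changing or clearing the referenced Secret on an already provisioned volume would, depending on the provider, either leave the data unreadable or silently continue with the original key; the doc comment should say which is intended, and if the field is meant to be set only on creation, the Volume update validation (not visible in this diff) should enforce it. A tighter comment would be `// Encryption optionally configures encryption of the Volume. Once set it is expected to stay unchanged for the lifetime of the Volume.` with the second sentence adjusted to the actual rule. The same wording also appears in the generated OpenAPI and docs hunks later in this diff, so regenerate those after editing the comment. The `VolumeSpec` struct starts before this hunk.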
+++ b/client-go/applyconfigurations/internal/internal.go @@ -1313,6 +1313,13 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.onmetal.onmetal-api.api.storage.v1alpha1.VolumeEncryption + map: + fields: + - name: secretRef + type: + namedType: io.k8s.api.core.v1.LocalObjectReference + default: {} - name: com.github.onmetal.onmetal-api.api.storage.v1alpha1.VolumePool map: fields: @@ -1407,6 +1414,9 @@ var schemaYAML = typed.YAMLObject(`types: - name: claimRef type: namedType: com.github.onmetal.onmetal-api.api.common.v1alpha1.LocalUIDReference + - name: encryption + type: + namedType: com.github.onmetal.onmetal-api.api.storage.v1alpha1.VolumeEncryption - name: image type: scalar: string diff --git a/client-go/applyconfigurations/storage/v1alpha1/volumeencryption.go b/client-go/applyconfigurations/storage/v1alpha1/volumeencryption.go new file mode 100644 index 000000000..22077d78a --- /dev/null +++ b/client-go/applyconfigurations/storage/v1alpha1/volumeencryption.go 
@@ -0,0 +1,42 @@ +/* + * Copyright (c) 2022 by the OnMetal authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/api/core/v1" +) + +// VolumeEncryptionApplyConfiguration represents an declarative configuration of the VolumeEncryption type for use +// with apply. +type VolumeEncryptionApplyConfiguration struct { + SecretRef *v1.LocalObjectReference `json:"secretRef,omitempty"` +} + +// VolumeEncryptionApplyConfiguration constructs an declarative configuration of the VolumeEncryption type for use with +// apply. +func VolumeEncryption() *VolumeEncryptionApplyConfiguration { + return &VolumeEncryptionApplyConfiguration{} +} + +// WithSecretRef sets the SecretRef field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretRef field is set to the value of the last call. +func (b *VolumeEncryptionApplyConfiguration) WithSecretRef(value v1.LocalObjectReference) *VolumeEncryptionApplyConfiguration { + b.SecretRef = &value + return b +} diff --git a/client-go/applyconfigurations/storage/v1alpha1/volumespec.go b/client-go/applyconfigurations/storage/v1alpha1/volumespec.go index edce4ab09..408bf49b9 100644 --- a/client-go/applyconfigurations/storage/v1alpha1/volumespec.go 
+++ b/client-go/applyconfigurations/storage/v1alpha1/volumespec.go @@ -34,6 +34,7 @@ type VolumeSpecApplyConfiguration struct { ImagePullSecretRef *v1.LocalObjectReference `json:"imagePullSecretRef,omitempty"` Unclaimable *bool `json:"unclaimable,omitempty"` Tolerations []v1alpha1.TolerationApplyConfiguration `json:"tolerations,omitempty"` + Encryption *VolumeEncryptionApplyConfiguration `json:"encryption,omitempty"` } // VolumeSpecApplyConfiguration constructs an declarative configuration of the VolumeSpec type for use with @@ -124,3 +125,11 @@ func (b *VolumeSpecApplyConfiguration) WithTolerations(values ...*v1alpha1.Toler } return b } + +// WithEncryption sets the Encryption field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Encryption field is set to the value of the last call. +func (b *VolumeSpecApplyConfiguration) WithEncryption(value *VolumeEncryptionApplyConfiguration) *VolumeSpecApplyConfiguration { + b.Encryption = value + return b +} diff --git a/client-go/applyconfigurations/utils.go b/client-go/applyconfigurations/utils.go index dc380a2ea..29c829eb2 100644 --- a/client-go/applyconfigurations/utils.go +++ b/client-go/applyconfigurations/utils.go @@ -216,6 +216,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &applyconfigurationsstoragev1alpha1.VolumeClassApplyConfiguration{} case storagev1alpha1.SchemeGroupVersion.WithKind("VolumeCondition"): return &applyconfigurationsstoragev1alpha1.VolumeConditionApplyConfiguration{} + case storagev1alpha1.SchemeGroupVersion.WithKind("VolumeEncryption"): + return &applyconfigurationsstoragev1alpha1.VolumeEncryptionApplyConfiguration{} case storagev1alpha1.SchemeGroupVersion.WithKind("VolumePool"): return &applyconfigurationsstoragev1alpha1.VolumePoolApplyConfiguration{} case storagev1alpha1.SchemeGroupVersion.WithKind("VolumePoolCondition"): 
diff --git a/client-go/openapi/zz_generated.openapi.go b/client-go/openapi/zz_generated.openapi.go index 1e80b3226..9fdb086c1 100644 --- a/client-go/openapi/zz_generated.openapi.go +++ b/client-go/openapi/zz_generated.openapi.go @@ -134,6 +134,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumeClass": schema_onmetal_api_api_storage_v1alpha1_VolumeClass(ref), "github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumeClassList": schema_onmetal_api_api_storage_v1alpha1_VolumeClassList(ref), "github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumeCondition": schema_onmetal_api_api_storage_v1alpha1_VolumeCondition(ref), + "github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumeEncryption": schema_onmetal_api_api_storage_v1alpha1_VolumeEncryption(ref), "github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumeList": schema_onmetal_api_api_storage_v1alpha1_VolumeList(ref), "github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumePool": schema_onmetal_api_api_storage_v1alpha1_VolumePool(ref), "github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumePoolCondition": schema_onmetal_api_api_storage_v1alpha1_VolumePoolCondition(ref), @@ -1343,7 +1344,7 @@ func schema_onmetal_api_api_compute_v1alpha1_MachineSpec(ref common.ReferenceCal }, "power": { SchemaProps: spec.SchemaProps{ - Description: "Power ist the desired machine power state. Defaults to PowerOn.", + Description: "Power is the desired machine power state. Defaults to PowerOn.", Type: []string{"string"}, Format: "", }, 
@@ -4791,6 +4792,29 @@ func schema_onmetal_api_api_storage_v1alpha1_VolumeCondition(ref common.Referenc } } +func schema_onmetal_api_api_storage_v1alpha1_VolumeEncryption(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "VolumeEncryption represents information to encrypt a volume.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "secretRef": { + SchemaProps: spec.SchemaProps{ + Description: "SecretRef references the Secret containing the encryption key to encrypt a Volume. This secret is created by user with encryptionKey as Key and base64 encoded 256-bit encryption key as Value.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + }, + }, + }, + Required: []string{"secretRef"}, + }, + }, + Dependencies: []string{ + "k8s.io/api/core/v1.LocalObjectReference"}, + } +} + func schema_onmetal_api_api_storage_v1alpha1_VolumeList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -5204,11 +5228,17 @@ func schema_onmetal_api_api_storage_v1alpha1_VolumeSpec(ref common.ReferenceCall }, }, }, + "encryption": { + SchemaProps: spec.SchemaProps{ + Description: "Encryption is an optional field which provides attributes to encrypt Volume.", + Ref: ref("github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumeEncryption"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/onmetal/onmetal-api/api/common/v1alpha1.LocalUIDReference", "github.com/onmetal/onmetal-api/api/common/v1alpha1.Toleration", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + "github.com/onmetal/onmetal-api/api/common/v1alpha1.LocalUIDReference", "github.com/onmetal/onmetal-api/api/common/v1alpha1.Toleration", "github.com/onmetal/onmetal-api/api/storage/v1alpha1.VolumeEncryption", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } diff --git a/docs/api-reference/compute.md b/docs/api-reference/compute.md index 7031ffeab..b4a95b19f 100644 --- a/docs/api-reference/compute.md +++ b/docs/api-reference/compute.md @@ -113,6 +113,20 @@ If empty, a scheduler will figure out an appropriate pool to run the machine in. +power
+ + +Power + + + + +

Power is the desired machine power state. +Defaults to PowerOn.

+ + + + image
string @@ -1000,6 +1014,20 @@ If empty, a scheduler will figure out an appropriate pool to run the machine in. +power
+ + +Power + + + + +

Power is the desired machine power state. +Defaults to PowerOn.

+ + + + image
string @@ -1121,6 +1149,9 @@ MachinePool.

"Shutdown"

MachineStateShutdown means the machine is shut down.

+

"Terminated"

+

MachineStateTerminated means the machine has been permanently stopped and cannot be started.

+

MachineStatus @@ -1141,6 +1172,17 @@ MachinePool.

+machineID
+ +string + + + +

MachineID is the provider specific machine ID in the format ‘://’.

+ + + + machinePoolObservedGeneration
int64 @@ -1458,6 +1500,29 @@ Kubernetes meta/v1.Time +

Power +(string alias)

+

+(Appears on:MachineSpec) +

+
+

Power is the desired power state of a Machine.

+
+ + + + + + + + + + + + +
ValueDescription

"Off"

PowerOff indicates that a Machine should be powered off.

+

"On"

PowerOn indicates that a Machine should be powered on.

+

Volume

diff --git a/docs/api-reference/networking.md b/docs/api-reference/networking.md index 813478379..1682002dd 100644 --- a/docs/api-reference/networking.md +++ b/docs/api-reference/networking.md @@ -1939,6 +1939,19 @@ NetworkInterfacePhase +machinePoolRef
+ + +Kubernetes core/v1.LocalObjectReference + + + + +

MachinePoolRef is the machine pool the network interface is currently on, if any.

+ + + + lastPhaseTransitionTime
diff --git a/docs/api-reference/storage.md b/docs/api-reference/storage.md index a7fd8c578..1d2e340ed 100644 --- a/docs/api-reference/storage.md +++ b/docs/api-reference/storage.md @@ -10,16 +10,22 @@ Resource Types: -

Volume +

Bucket

-

Volume is the Schema for the volumes API

+

Bucket is the Schema for the buckets API

@@ -44,7 +50,7 @@ storage.api.onmetal.de/v1alpha1 kind
string - + @@ -75,7 +81,7 @@ VolumeSpec
VolumeBucket
@@ -64,8 +70,8 @@ Refer to the Kubernetes API documentation for the fields of the spec
- -VolumeSpec + +BucketSpec
+ + + + + + + + + +
-volumeClassRef
+bucketClassRef
Kubernetes core/v1.LocalObjectReference @@ -83,75 +89,851 @@ Kubernetes core/v1.LocalObjectReference
-

VolumeClassRef is the VolumeClass of a volume -If empty, an external controller has to provision the volume.

+

BucketClassRef is the BucketClass of a bucket +If empty, an external controller has to provision the bucket.

-volumePoolSelector
+bucketPoolSelector
map[string]string
-

VolumePoolSelector selects a suitable VolumePoolRef by the given labels.

+

BucketPoolSelector selects a suitable BucketPoolRef by the given labels.

+
+bucketPoolRef
+ + +Kubernetes core/v1.LocalObjectReference + + +
+

BucketPoolRef indicates which BucketPool to use for a bucket. +If unset, the scheduler will figure out a suitable BucketPoolRef.

+
+tolerations
+ + +[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Toleration + + +
+

Tolerations define tolerations the Bucket has. Only any BucketPool whose taints +covered by Tolerations will be considered to host the Bucket.

+
+ + + + +status
+ + +BucketStatus + + + + + + + + +

BucketClass +

+
+

BucketClass is the Schema for the bucketclasses API

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string
+ +storage.api.onmetal.de/v1alpha1 + +
+kind
+string +
BucketClass
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +
+Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+capabilities
+ + +Kubernetes core/v1.ResourceList + + +
+

Capabilities describes the capabilities of a BucketClass.

+
+

BucketPool +

+
+

BucketPool is the Schema for the bucketpools API

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string
+ +storage.api.onmetal.de/v1alpha1 + +
+kind
+string +
BucketPool
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +
+Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec
+ + +BucketPoolSpec + + +
+
+
+ + + + + + + + + +
+providerID
+ +string + +
+

ProviderID identifies the BucketPool on provider side.

+
+taints
+ + +[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Taint + + +
+

Taints of the BucketPool. Only Buckets who tolerate all the taints +will land in the BucketPool.

+
+
+status
+ + +BucketPoolStatus + + +
+
+

Volume +

+
+

Volume is the Schema for the volumes API

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string
+ +storage.api.onmetal.de/v1alpha1 + +
+kind
+string
Volume
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +
+Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec
+ + +VolumeSpec + + +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+volumeClassRef
+ + +Kubernetes core/v1.LocalObjectReference + + +
+

VolumeClassRef is the VolumeClass of a volume +If empty, an external controller has to provision the volume.

+
+volumePoolSelector
+ +map[string]string + +
+

VolumePoolSelector selects a suitable VolumePoolRef by the given labels.

+
+volumePoolRef
+ + +Kubernetes core/v1.LocalObjectReference + + +
+

VolumePoolRef indicates which VolumePool to use for a volume. +If unset, the scheduler will figure out a suitable VolumePoolRef.

+
+claimRef
+ + +github.com/onmetal/onmetal-api/api/common/v1alpha1.LocalUIDReference + + +
+

ClaimRef is the reference to the claiming entity of the Volume.

+
+resources
+ + +Kubernetes core/v1.ResourceList + + +
+

Resources is a description of the volume’s resources and capacity.

+
+image
+ +string + +
+

Image is an optional image to bootstrap the volume with.

+
+imagePullSecretRef
+ + +Kubernetes core/v1.LocalObjectReference + + +
+

ImagePullSecretRef is an optional secret for pulling the image of a volume.

+
+unclaimable
+ +bool + +
+

Unclaimable marks the volume as unclaimable.

+
+tolerations
+ + +[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Toleration + + +
+

Tolerations define tolerations the Volume has. Only any VolumePool whose taints +covered by Tolerations will be considered to host the Volume.

+
+encryption
+ + +VolumeEncryption + + +
+

Encryption is an optional field which provides attributes to encrypt Volume.

+
+
+status
+ + +VolumeStatus + + +
+
+

VolumeClass +

+
+

VolumeClass is the Schema for the volumeclasses API

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string
+ +storage.api.onmetal.de/v1alpha1 + +
+kind
+string +
VolumeClass
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +
+Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+capabilities
+ + +Kubernetes core/v1.ResourceList + + +
+

Capabilities describes the capabilities of a VolumeClass.

+
+

VolumePool +

+
+

VolumePool is the Schema for the volumepools API

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string
+ +storage.api.onmetal.de/v1alpha1 + +
+kind
+string +
VolumePool
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +
+Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec
+ + +VolumePoolSpec + + +
+
+
+ + + + + + + + + +
+providerID
+ +string + +
+

ProviderID identifies the VolumePool on provider side.

+
+taints
+ + +[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Taint + + +
+

Taints of the VolumePool. Only Volumes who tolerate all the taints +will land in the VolumePool.

+
+
+status
+ + +VolumePoolStatus + + +
+
+

BucketAccess +

+

+(Appears on:BucketStatus) +

+
+

BucketAccess represents information on how to access a bucket.

+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+secretRef
+ + +Kubernetes core/v1.LocalObjectReference + + +
+

SecretRef references the Secret containing the access credentials to consume a Bucket.

+
+endpoint
+ +string + +
+

Endpoint defines address of the Bucket REST-API.

+
+

BucketCondition +

+

+(Appears on:BucketStatus) +

+
+

BucketCondition is one of the conditions of a bucket.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+type
+ + +BucketConditionType + + +
+

Type is the type of the condition.

+
+status
+ + +Kubernetes core/v1.ConditionStatus + + +
+

Status is the status of the condition.

+
+reason
+ +string + +
+

Reason is a machine-readable indication of why the condition is in a certain state.

+
+message
+ +string + +
+

Message is a human-readable explanation of why the condition has a certain reason / state.

+
+observedGeneration
+ +int64 + +
+

ObservedGeneration represents the .metadata.generation that the condition was set based upon.

+
+lastTransitionTime
+ + +Kubernetes meta/v1.Time + + +
+

LastTransitionTime is the last time the status of a condition has transitioned from one state to another.

+
+

BucketConditionType +(string alias)

+

+(Appears on:BucketCondition) +

+
+

BucketConditionType is a type a BucketCondition can have.

+
+

BucketPoolSpec +

+

+(Appears on:BucketPool) +

+
+

BucketPoolSpec defines the desired state of BucketPool

+
+ + + + + + + + +
FieldDescription
-volumePoolRef
+providerID
- -Kubernetes core/v1.LocalObjectReference - +string
-

VolumePoolRef indicates which VolumePool to use for a volume. -If unset, the scheduler will figure out a suitable VolumePoolRef.

+

ProviderID identifies the BucketPool on provider side.

-claimRef
+taints
- -github.com/onmetal/onmetal-api/api/common/v1alpha1.LocalUIDReference + +[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Taint
-

ClaimRef is the reference to the claiming entity of the Volume.

+

Taints of the BucketPool. Only Buckets who tolerate all the taints +will land in the BucketPool.

+

BucketPoolState +(string alias)

+

+(Appears on:BucketPoolStatus) +

+
+
+ + + + + + + + + + + + + + +
ValueDescription

"Available"

"Pending"

"Unavailable"

+

BucketPoolStatus +

+

+(Appears on:BucketPool) +

+
+

BucketPoolStatus defines the observed state of BucketPool

+
+ + + + + + + + + +
FieldDescription
-resources
+state
- -Kubernetes core/v1.ResourceList + +BucketPoolState
-

Resources is a description of the volume’s resources and capacity.

+

State represents the infrastructure state of a BucketPool.

-image
+availableBucketClasses
-string + +[]Kubernetes core/v1.LocalObjectReference +
-

Image is an optional image to bootstrap the volume with.

+

AvailableBucketClasses list the references of any supported BucketClass of this pool

+

BucketSpec +

+

+(Appears on:Bucket, BucketTemplateSpec) +

+
+

BucketSpec defines the desired state of Bucket

+
+ + + + + + + + - -
FieldDescription
-imagePullSecretRef
+bucketClassRef
Kubernetes core/v1.LocalObjectReference @@ -159,55 +941,84 @@ Kubernetes core/v1.LocalObjectReference
-

ImagePullSecretRef is an optional secret for pulling the image of a volume.

+

BucketClassRef is the BucketClass of a bucket +If empty, an external controller has to provision the bucket.

-unclaimable
+bucketPoolSelector
-bool +map[string]string
-

Unclaimable marks the volume as unclaimable.

+

BucketPoolSelector selects a suitable BucketPoolRef by the given labels.

-tolerations
+bucketPoolRef
- -[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Toleration + +Kubernetes core/v1.LocalObjectReference
-

Tolerations define tolerations the Volume has. Only any VolumePool whose taints -covered by Tolerations will be considered to host the Volume.

-
+

BucketPoolRef indicates which BucketPool to use for a bucket. +If unset, the scheduler will figure out a suitable BucketPoolRef.

-status
+tolerations
- -VolumeStatus + +[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Toleration +

Tolerations define tolerations the Bucket has. Only any BucketPool whose taints +covered by Tolerations will be considered to host the Bucket.

-

VolumeClass +

BucketState +(string alias)

+

+(Appears on:BucketStatus) +

+
+

BucketState represents the infrastructure state of a Bucket.

+
+ + + + + + + + + + + + + + +
ValueDescription

"Available"

BucketStateAvailable reports whether a Bucket is available to be used.

+

"Error"

BucketStateError reports that a Bucket is in an error state.

+

"Pending"

BucketStatePending reports whether a Bucket is about to be ready.

+
+

BucketStatus

+

+(Appears on:Bucket) +

-

VolumeClass is the Schema for the volumeclasses API

+

BucketStatus defines the observed state of Bucket

@@ -219,54 +1030,63 @@ VolumeStatus +state
+ + +BucketState + + + + -
-apiVersion
-string
- -storage.api.onmetal.de/v1alpha1 - +

State represents the infrastructure state of a Bucket.

-kind
-string +lastStateTransitionTime
+ + +Kubernetes meta/v1.Time + + +
+

LastStateTransitionTime is the last time the State transitioned between values.

VolumeClass
-metadata
+access
- -Kubernetes meta/v1.ObjectMeta + +BucketAccess
-Refer to the Kubernetes API documentation for the fields of the -metadata field. +

Access specifies how to access a Bucket. +This is set by the bucket provider when the bucket is provisioned.

-capabilities
+conditions
- -Kubernetes core/v1.ResourceList + +[]BucketCondition
-

Capabilities describes the capabilities of a VolumeClass.

+

Conditions are the conditions of a bucket.

-

VolumePool +

BucketTemplateSpec

-

VolumePool is the Schema for the volumepools API

+

BucketTemplateSpec is the specification of a Bucket template.

@@ -278,23 +1098,6 @@ Kubernetes core/v1.ResourceList - - - - - - - - @@ -322,42 +1125,58 @@ VolumePoolSpec
-apiVersion
-string
- -storage.api.onmetal.de/v1alpha1 - -
-kind
-string -
VolumePool
metadata
@@ -311,8 +1114,8 @@ Refer to the Kubernetes API documentation for the fields of the
spec
- -VolumePoolSpec + +BucketSpec
-
-providerID
+bucketClassRef
-string + +Kubernetes core/v1.LocalObjectReference +
-

ProviderID identifies the VolumePool on provider side.

+

BucketClassRef is the BucketClass of a bucket +If empty, an external controller has to provision the bucket.

-taints
+bucketPoolSelector
- -[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Taint - +map[string]string
-

Taints of the VolumePool. Only Volumes who tolerate all the taints -will land in the VolumePool.

+

BucketPoolSelector selects a suitable BucketPoolRef by the given labels.

+ + +bucketPoolRef
+ + +Kubernetes core/v1.LocalObjectReference + + + + +

BucketPoolRef indicates which BucketPool to use for a bucket. +If unset, the scheduler will figure out a suitable BucketPoolRef.

-status
+tolerations
- -VolumePoolStatus + +[]github.com/onmetal/onmetal-api/api/common/v1alpha1.Toleration +

Tolerations define tolerations the Bucket has. Only any BucketPool whose taints +covered by Tolerations will be considered to host the Bucket.

+ + + @@ -524,6 +1343,38 @@ Kubernetes meta/v1.Time

VolumeConditionType is a type a VolumeCondition can have.

+

VolumeEncryption +

+

+(Appears on:VolumeSpec) +

+
+

VolumeEncryption represents information to encrypt a volume.

+
+ + + + + + + + + + + + + +
FieldDescription
+secretRef
+ + +Kubernetes core/v1.LocalObjectReference + + +
+

SecretRef references the Secret containing the encryption key to encrypt a Volume. +This secret is created by user with encryptionKey as Key and base64 encoded 256-bit encryption key as Value.

+

VolumePhase (string alias)

@@ -707,10 +1558,10 @@ will land in the VolumePool.

"Available"

-

"NotAvailable"

-

"Pending"

+

"Unavailable"

+

VolumePoolStatus @@ -924,6 +1775,19 @@ bool covered by Tolerations will be considered to host the Volume.

+ + +encryption
+ + +VolumeEncryption + + + + +

Encryption is an optional field which provides attributes to encrypt Volume.

+ +

VolumeState @@ -1203,6 +2067,19 @@ bool covered by Tolerations will be considered to host the Volume.

+ + +encryption
+ + +VolumeEncryption + + + + +

Encryption is an optional field which provides attributes to encrypt Volume.

+ + diff --git a/go.mod b/go.mod index 07922a12f..40953f9d7 100644 --- a/go.mod +++ b/go.mod @@ -10,9 +10,9 @@ require ( github.com/google/go-cmp v0.5.9 github.com/gorilla/mux v1.8.0 github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae - github.com/onmetal/controller-utils v0.6.7-0.20230109144521-67f4a1e9104d + github.com/onmetal/controller-utils v0.6.7 github.com/onsi/ginkgo/v2 v2.7.0 - github.com/onsi/gomega v1.24.2 + github.com/onsi/gomega v1.25.0 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 go.uber.org/atomic v1.10.0 @@ -95,11 +95,11 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.24.0 // indirect golang.org/x/crypto v0.1.0 // indirect - golang.org/x/net v0.4.0 // indirect + golang.org/x/net v0.5.0 // indirect golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect - golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect - golang.org/x/term v0.3.0 // indirect - golang.org/x/text v0.5.0 // indirect + golang.org/x/sync v0.1.0 // indirect + golang.org/x/term v0.4.0 // indirect + golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 0aa6d9d3b..8dad61903 100644 --- a/go.sum +++ b/go.sum 
@@ -285,12 +285,12 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onmetal/controller-utils v0.6.7-0.20230109144521-67f4a1e9104d h1:NI7hmxUSOZTAPh5OiQu6iLnd4UT3eyF4a61pMIJYcng= -github.com/onmetal/controller-utils v0.6.7-0.20230109144521-67f4a1e9104d/go.mod h1:W5jhCn1ACeHQx/NKoxVQuUsajbIdBOLebktdrFFXvKE= +github.com/onmetal/controller-utils v0.6.7 h1:+wtyeZqEmEJqOT42epU1h23oSQDMM7IPr80Bb8WCQf4= +github.com/onmetal/controller-utils v0.6.7/go.mod h1:9W12MbvhUMTIVassOCsbdBqZ0TyixKAhD5msoxM8kC4= github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow= github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= -github.com/onsi/gomega v1.24.2 h1:J/tulyYK6JwBldPViHJReihxxZ+22FHs0piGjQAvoUE= -github.com/onsi/gomega v1.24.2/go.mod h1:gs3J10IS7Z7r7eXRoNJIrNqU4ToQukCJhFtKrWgHWnk= +github.com/onsi/gomega v1.25.0 h1:Vw7br2PCDYijJHSfBOWhov+8cAnUf8MfMaIOV323l6Y= +github.com/onsi/gomega v1.25.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 
@@ -481,8 +481,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -504,8 +504,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -554,8 +554,8 @@ golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= -golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg= +golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -564,8 +564,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= -golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
diff --git a/onmetal-apiserver/internal/apis/compute/machine_types.go b/onmetal-apiserver/internal/apis/compute/machine_types.go
index f18e3d802..f9d4dfb92 100644
--- a/onmetal-apiserver/internal/apis/compute/machine_types.go
+++ b/onmetal-apiserver/internal/apis/compute/machine_types.go
@@ -33,7 +33,7 @@ type MachineSpec struct {
 // MachinePoolRef defines machine pool to run the machine in.
 // If empty, a scheduler will figure out an appropriate pool to run the machine in.
 MachinePoolRef *corev1.LocalObjectReference
- // Power ist the desired machine power state.
+ // Power is the desired machine power state.
 // Defaults to PowerOn.
 Power Power
 // Image is the optional URL providing the operating system image of the machine.
diff --git a/onmetal-apiserver/internal/apis/storage/v1alpha1/zz_generated.conversion.go b/onmetal-apiserver/internal/apis/storage/v1alpha1/zz_generated.conversion.go
index 40c87fad2..aecd28e92 100644
--- a/onmetal-apiserver/internal/apis/storage/v1alpha1/zz_generated.conversion.go
+++ b/onmetal-apiserver/internal/apis/storage/v1alpha1/zz_generated.conversion.go
@@ -219,6 +219,16 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1alpha1.VolumeEncryption)(nil), (*storage.VolumeEncryption)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_VolumeEncryption_To_storage_VolumeEncryption(a.(*v1alpha1.VolumeEncryption), b.(*storage.VolumeEncryption), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*storage.VolumeEncryption)(nil), (*v1alpha1.VolumeEncryption)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_storage_VolumeEncryption_To_v1alpha1_VolumeEncryption(a.(*storage.VolumeEncryption), b.(*v1alpha1.VolumeEncryption), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*v1alpha1.VolumeList)(nil), (*storage.VolumeList)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_VolumeList_To_storage_VolumeList(a.(*v1alpha1.VolumeList), b.(*storage.VolumeList), scope) }); err != nil { 
@@ -770,6 +780,26 @@ func Convert_storage_VolumeCondition_To_v1alpha1_VolumeCondition(in *storage.Vol return autoConvert_storage_VolumeCondition_To_v1alpha1_VolumeCondition(in, out, s) } +func autoConvert_v1alpha1_VolumeEncryption_To_storage_VolumeEncryption(in *v1alpha1.VolumeEncryption, out *storage.VolumeEncryption, s conversion.Scope) error { + out.SecretRef = in.SecretRef + return nil +} + +// Convert_v1alpha1_VolumeEncryption_To_storage_VolumeEncryption is an autogenerated conversion function. +func Convert_v1alpha1_VolumeEncryption_To_storage_VolumeEncryption(in *v1alpha1.VolumeEncryption, out *storage.VolumeEncryption, s conversion.Scope) error { + return autoConvert_v1alpha1_VolumeEncryption_To_storage_VolumeEncryption(in, out, s) +} + +func autoConvert_storage_VolumeEncryption_To_v1alpha1_VolumeEncryption(in *storage.VolumeEncryption, out *v1alpha1.VolumeEncryption, s conversion.Scope) error { + out.SecretRef = in.SecretRef + return nil +} + +// Convert_storage_VolumeEncryption_To_v1alpha1_VolumeEncryption is an autogenerated conversion function. +func Convert_storage_VolumeEncryption_To_v1alpha1_VolumeEncryption(in *storage.VolumeEncryption, out *v1alpha1.VolumeEncryption, s conversion.Scope) error { + return autoConvert_storage_VolumeEncryption_To_v1alpha1_VolumeEncryption(in, out, s) +} + func autoConvert_v1alpha1_VolumeList_To_storage_VolumeList(in *v1alpha1.VolumeList, out *storage.VolumeList, s conversion.Scope) error { out.ListMeta = in.ListMeta out.Items = *(*[]storage.Volume)(unsafe.Pointer(&in.Items)) @@ -936,6 +966,7 @@ func autoConvert_v1alpha1_VolumeSpec_To_storage_VolumeSpec(in *v1alpha1.VolumeSp out.ImagePullSecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.ImagePullSecretRef)) out.Unclaimable = in.Unclaimable out.Tolerations = *(*[]commonv1alpha1.Toleration)(unsafe.Pointer(&in.Tolerations)) + out.Encryption = (*storage.VolumeEncryption)(unsafe.Pointer(in.Encryption)) return nil } 
@@ -954,6 +985,7 @@ func autoConvert_storage_VolumeSpec_To_v1alpha1_VolumeSpec(in *storage.VolumeSpe out.ImagePullSecretRef = (*v1.LocalObjectReference)(unsafe.Pointer(in.ImagePullSecretRef)) out.Unclaimable = in.Unclaimable out.Tolerations = *(*[]commonv1alpha1.Toleration)(unsafe.Pointer(&in.Tolerations)) + out.Encryption = (*v1alpha1.VolumeEncryption)(unsafe.Pointer(in.Encryption)) return nil } diff --git a/onmetal-apiserver/internal/apis/storage/validation/volume.go b/onmetal-apiserver/internal/apis/storage/validation/volume.go index bc9492441..8247f2d67 100644 --- a/onmetal-apiserver/internal/apis/storage/validation/volume.go +++ b/onmetal-apiserver/internal/apis/storage/validation/volume.go @@ -17,12 +17,13 @@ package validation import ( "fmt" - onmetalapivalidation "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/api/validation" - "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/apis/storage" corev1 "k8s.io/api/core/v1" apivalidation "k8s.io/apimachinery/pkg/api/validation" metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" "k8s.io/apimachinery/pkg/util/validation/field" + + onmetalapivalidation "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/api/validation" + "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/apis/storage" ) func ValidateVolume(volume *storage.Volume) field.ErrorList { @@ -100,6 +101,12 @@ func validateVolumeSpec(spec *storage.VolumeSpec, fldPath *field.Path) field.Err } } + if spec.Encryption != nil { + for _, msg := range apivalidation.NameIsDNSLabel(spec.Encryption.SecretRef.Name, false) { + allErrs = append(allErrs, field.Invalid(fldPath.Child("encryption").Child("secretRef").Child("name"), spec.Encryption.SecretRef.Name, msg)) + } + } + return allErrs } 
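Review bot: In the new `spec.Encryption != nil` branch of validateVolumeSpec, an empty `SecretRef.Name` surfaces as `field.Invalid` carrying the DNS-label message instead of `field.Required`, so a user who simply forgot the name gets a misleading "must be a lowercase RFC 1123 label" style error, and a reader has to know that NameIsDNSLabel rejects the empty string to be sure the check is not silently skipped. An explicit empty-name guard before the label loop fixes both, as sketched below. This check only validates the name's syntax; whether the referenced Secret exists and actually carries the `encryptionKey` entry described on the type is left to whatever consumes the Volume, which deserves a one-line comment so nobody assumes the API server verifies the key material. validateVolumeSpec begins and ends outside the hunk.
```go
	if spec.Encryption != nil {
		name := spec.Encryption.SecretRef.Name
		namePath := fldPath.Child("encryption", "secretRef", "name")
		if name == "" {
			// A missing reference is a required-field error, not a malformed label.
			allErrs = append(allErrs, field.Required(namePath, "must specify the name of the Secret holding the encryption key"))
		} else {
			// Syntax only: existence and content of the Secret are checked by the consumer, not here.
			for _, msg := range apivalidation.NameIsDNSLabel(name, false) {
				allErrs = append(allErrs, field.Invalid(namePath, name, msg))
			}
		}
	}
	// … unchanged: return allErrs …
```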
@@ -118,6 +125,7 @@ func validateVolumeSpecUpdate(newSpec, oldSpec *storage.VolumeSpec, fldPath *fie allErrs = append(allErrs, onmetalapivalidation.ValidateImmutableField(newSpec.VolumeClassRef, oldSpec.VolumeClassRef, fldPath.Child("volumeClassRef"))...) allErrs = append(allErrs, onmetalapivalidation.ValidateSetOnceField(newSpec.VolumePoolRef, oldSpec.VolumePoolRef, fldPath.Child("volumePoolRef"))...) + allErrs = append(allErrs, onmetalapivalidation.ValidateImmutableField(newSpec.Encryption, oldSpec.Encryption, fldPath.Child("encryption"))...) return allErrs } diff --git a/onmetal-apiserver/internal/apis/storage/validation/volume_test.go b/onmetal-apiserver/internal/apis/storage/validation/volume_test.go index 03aab0bcd..c51625fd9 100644 --- a/onmetal-apiserver/internal/apis/storage/validation/volume_test.go +++ b/onmetal-apiserver/internal/apis/storage/validation/volume_test.go @@ -15,16 +15,17 @@ package validation_test import ( - commonv1alpha1 "github.com/onmetal/onmetal-api/api/common/v1alpha1" - "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/apis/storage" - . "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/apis/storage/validation" - . "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/testutils/validation" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/onsi/gomega/types" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + commonv1alpha1 "github.com/onmetal/onmetal-api/api/common/v1alpha1" + "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/apis/storage" + . "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/apis/storage/validation" + . "github.com/onmetal/onmetal-api/onmetal-apiserver/internal/testutils/validation" ) var _ = Describe("Volume", func() { 
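Review bot: The added ValidateImmutableField call hands the helper two `*storage.VolumeEncryption` pointers, so its correctness depends on that helper doing a semantic deep comparison rather than pointer equality; the update tests that follow (modify, add and remove all expected to be rejected) suggest it does, but the helper's body is not visible here and is worth confirming once. Since this freezes the key reference for the life of the object, rotating an encryption key now requires creating a new Volume, which is a deliberate trade-off that should be recorded next to the call, e.g. `// Encryption (and with it the key Secret) is fixed once the Volume exists; key rotation means a new Volume.`. validateVolumeSpecUpdate starts outside the hunk.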
@@ -132,6 +133,15 @@ var _ = Describe("Volume", func() { }, ContainElement(InvalidField("spec.resources[storage]")), ), + Entry("valid encryption secret ref name", + &storage.Volume{ + Spec: storage.VolumeSpec{ + VolumeClassRef: &corev1.LocalObjectReference{Name: "foo"}, + Encryption: &storage.VolumeEncryption{SecretRef: corev1.LocalObjectReference{Name: "foo"}}, + }, + }, + Not(ContainElement(InvalidField("spec.encryption.secretRef.name"))), + ), ) DescribeTable("ValidateVolumeUpdate", 
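Review bot: The only new ValidateVolume entry is the positive case, so the new secretRef name validation is never shown to reject anything; a malformed name (uppercase, or containing a dot) and an empty name should each get an Entry expecting `ContainElement(InvalidField("spec.encryption.secretRef.name"))`. Without a negative entry, a regression that drops the branch in validateVolumeSpec would still pass this table. The enclosing DescribeTable starts and ends outside the hunk.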
@@ -181,5 +191,48 @@ var _ = Describe("Volume", func() { }, Not(ContainElement(ImmutableField("spec.volumePoolRef"))), ), + Entry("immutable encryption: modify encryption field", + &storage.Volume{ + Spec: storage.VolumeSpec{ + VolumeClassRef: &corev1.LocalObjectReference{Name: "foo"}, + Encryption: &storage.VolumeEncryption{SecretRef: corev1.LocalObjectReference{Name: "foo"}}, + }, + }, + &storage.Volume{ + Spec: storage.VolumeSpec{ + VolumeClassRef: &corev1.LocalObjectReference{Name: "foo"}, + Encryption: &storage.VolumeEncryption{SecretRef: corev1.LocalObjectReference{Name: "bar"}}, + }, + }, + ContainElement(ImmutableField("spec.encryption")), + ), + Entry("immutable encryption: add encryption field", + &storage.Volume{ + Spec: storage.VolumeSpec{ + VolumeClassRef: &corev1.LocalObjectReference{Name: "foo"}, + }, + }, + &storage.Volume{ + Spec: storage.VolumeSpec{ + VolumeClassRef: &corev1.LocalObjectReference{Name: "foo"}, + Encryption: &storage.VolumeEncryption{SecretRef: corev1.LocalObjectReference{Name: "foo"}}, + }, + }, + ContainElement(ImmutableField("spec.encryption")), + ), + Entry("immutable encryption: remove encryption field", + &storage.Volume{ + Spec: storage.VolumeSpec{ + VolumeClassRef: &corev1.LocalObjectReference{Name: "foo"}, + Encryption: &storage.VolumeEncryption{SecretRef: corev1.LocalObjectReference{Name: "foo"}}, + }, + }, + &storage.Volume{ + Spec: storage.VolumeSpec{ + VolumeClassRef: &corev1.LocalObjectReference{Name: "foo"}, + }, + }, + ContainElement(ImmutableField("spec.encryption")), + ), ) }) diff --git a/onmetal-apiserver/internal/apis/storage/volume_types.go b/onmetal-apiserver/internal/apis/storage/volume_types.go index 78ebdbdb2..5ab1394fd 100644 --- a/onmetal-apiserver/internal/apis/storage/volume_types.go +++ b/onmetal-apiserver/internal/apis/storage/volume_types.go 
@@ -17,10 +17,11 @@ package storage import ( - commonv1alpha1 "github.com/onmetal/onmetal-api/api/common/v1alpha1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" + + commonv1alpha1 "github.com/onmetal/onmetal-api/api/common/v1alpha1" ) // VolumeGK is a helper to easily access the GroupKind information of an Volume @@ -29,6 +30,13 @@ var VolumeGK = schema.GroupKind{ Kind: "Volume", } +// VolumeEncryption represents information to encrypt a volume. +type VolumeEncryption struct { + // SecretRef references the Secret containing the encryption key to encrypt a Volume. + // This secret is created by user with encryptionKey as Key and base64 encoded 256-bit encryption key as Value. + SecretRef corev1.LocalObjectReference +} + // VolumeSpec defines the desired state of Volume type VolumeSpec struct { // VolumeClassRef is the volume class of a volume @@ -51,6 +59,8 @@ type VolumeSpec struct { // Tolerations define tolerations the Volume has. Only a VolumePool whose taints // covered by Tolerations will be considered to host the Volume. Tolerations []commonv1alpha1.Toleration + // Encryption is an optional field which provides attributes to encrypt Volume. + Encryption *VolumeEncryption } // VolumeAccess represents information on how to access a volume. diff --git a/onmetal-apiserver/internal/apis/storage/zz_generated.deepcopy.go b/onmetal-apiserver/internal/apis/storage/zz_generated.deepcopy.go index 3e6dc97e4..5cd60f014 100644 --- a/onmetal-apiserver/internal/apis/storage/zz_generated.deepcopy.go +++ b/onmetal-apiserver/internal/apis/storage/zz_generated.deepcopy.go 
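Review bot: The SecretRef doc comment's "base64 encoded 256-bit encryption key as Value" is ambiguous about the in-cluster form of the key: Secret data values are base64 only in the serialized manifest and arrive as raw bytes in-cluster, so it is unclear whether consumers expect 32 raw bytes or base64 text (a double encoding), and a key of the wrong length is a classic source of silently failing or weakened encryption. The comment should name the exact form consumers read, for example `// SecretRef references the Secret holding the volume encryption key under the data key "encryptionKey"; the stored value must be a 32-byte (256-bit) key.` with the encoding stated as the consumer actually decodes it, and the same wording kept wherever this type is duplicated for the versioned API. The Encryption field comment should also state that the field is immutable once the Volume exists, since validateVolumeSpecUpdate enforces that; something like `// Encryption optionally configures encryption of the Volume. It cannot be changed after creation.` would do.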
@@ -521,6 +521,23 @@ func (in *VolumeCondition) DeepCopy() *VolumeCondition { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VolumeEncryption) DeepCopyInto(out *VolumeEncryption) { + *out = *in + out.SecretRef = in.SecretRef + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeEncryption. +func (in *VolumeEncryption) DeepCopy() *VolumeEncryption { + if in == nil { + return nil + } + out := new(VolumeEncryption) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumeList) DeepCopyInto(out *VolumeList) { *out = *in @@ -737,6 +754,11 @@ func (in *VolumeSpec) DeepCopyInto(out *VolumeSpec) { *out = make([]v1alpha1.Toleration, len(*in)) copy(*out, *in) } + if in.Encryption != nil { + in, out := &in.Encryption, &out.Encryption + *out = new(VolumeEncryption) + **out = **in + } return }