Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for EBS volume encryption #663

Merged
merged 2 commits into from
Dec 18, 2019
Merged

Add support for EBS volume encryption #663

merged 2 commits into from
Dec 18, 2019

Conversation

moadqassem
Copy link
Member

What this PR does / why we need it:
This indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot.

Which issue(s) this PR fixes
Fixes #

None

@kubermatic-bot kubermatic-bot added release-note-none Denotes a PR that doesn't merit a release note. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 16, 2019
alvaroaleman
alvaroaleman reviewed Dec 16, 2019
View reviewed changes
pkg/cloudprovider/provider/aws/provider.go
@@ -509,6 +514,7 @@ func (p *provider) Create(machine *v1alpha1.Machine, data *cloudprovidertypes.Pr
DeleteOnTermination: aws.Bool(true),
VolumeType: aws.String(config.DiskType),
Iops: config.DiskIops,
Encrypted: pointer.BoolPtr(config.EBSVolumeEncrypted),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add an e2e test where this is enabled?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran the current e2e tests with this sat to true and the tests are passed( I am not sure though if this change has any influence on the machine, e.g: the machine will not be provisioned). We can add another test with this enabled. WDYT?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sgtm, but I don't think we need to test this on all kube versions and all distributions, one version on one distribution should be enough

test/e2e/provisioning/testdata/machinedeployment-aws.yaml
@@ -33,6 +33,7 @@ spec:
instanceProfile: "kubernetes-v1"
diskSize: 50
diskType: "gp2"
ebsVolumeEncrypted: false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also add this to the sample manifest in examples/

@moadqassem moadqassem force-pushed the support-for-encrypted-root-volumes-in-aws-cloud-provider branch from 1a495a1 to 7c13573 Compare December 18, 2019 07:46
@kubermatic-bot kubermatic-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 18, 2019
@moadqassem
Copy link
Member Author

@alvaroaleman PTAL

@alvaroaleman
Copy link
Contributor

@alvaroaleman PTAL

So where is the green e2e run as requested?

@moadqassem moadqassem force-pushed the support-for-encrypted-root-volumes-in-aws-cloud-provider branch from 7c13573 to 84a36d2 Compare December 18, 2019 10:02
@moadqassem
Copy link
Member Author

/test pull-machine-controller-e2e-aws-ebs-encryption-enabled

@moadqassem
Copy link
Member Author

@alvaroaleman PTAL

So where is the green e2e run as requested?

https://public-prow.loodse.com/view/gcs/prow-public-data/pr-logs/pull/kubermatic_machine-controller/663/pull-machine-controller-e2e-aws-ebs-encryption-enabled/1207254364134051840

alvaroaleman
alvaroaleman reviewed Dec 18, 2019
View reviewed changes
.prow.yaml Outdated
@@ -0,0 +1,26 @@
presubmits:
#########################################################
# unit tests
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also no unittest. Other than that, looks good.

@moadqassem
addressing PR review
3445462 
Signed-off-by: Moath Qasim <[email protected]>

Signed-off-by: Moath Qasim <[email protected]>
alvaroaleman
alvaroaleman approved these changes Dec 18, 2019
View reviewed changes
Copy link
Contributor

@alvaroaleman alvaroaleman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@kubermatic-bot kubermatic-bot added the lgtm Indicates that a PR is ready to be merged. label Dec 18, 2019
@kubermatic-bot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 1e3c2082299d634b4603454234e41ef02a5ba65a

@kubermatic-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alvaroaleman, moadqassem

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [alvaroaleman,moadqassem]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubermatic-bot kubermatic-bot merged commit 3243593 into master Dec 18, 2019
@kubermatic-bot kubermatic-bot deleted the support-for-encrypted-root-volumes-in-aws-cloud-provider branch December 18, 2019 15:34
@xmudrii xmudrii mentioned this pull request Jan 14, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alvaroaleman alvaroaleman alvaroaleman approved these changes

Assignees

@alvaroaleman alvaroaleman

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@moadqassem @alvaroaleman @kubermatic-bot