enable LDE by default, add note in docs with option for disabling
AshleyDumaine committed Jul 29, 2024
1 parent 856e393 commit 28f1eca
Showing 7 changed files with 23 additions and 10 deletions.
1 change: 1 addition & 0 deletions api/v1alpha1/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions api/v1alpha2/linodemachine_types.go
Expand Up @@ -76,6 +76,7 @@ type LinodeMachineSpec struct {
DataDisks map[string]*InstanceDisk `json:"dataDisks,omitempty"`
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
// +kubebuilder:validation:Enum=enabled;disabled
// +kubebuilder:default=enabled
// DiskEncryption determines if the disks of the instance should be encrypted.
DiskEncryption string `json:"diskEncryption,omitempty"`
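Review bot: The doc comment on DiskEncryption in this hunk still reads only "DiskEncryption determines if the disks of the instance should be encrypted." and does not mention that the value now defaults to enabled. The field also carries the rule `self == oldSelf`, so a machine created under the default cannot be switched to disabled afterwards. Since this comment becomes the description in the generated CRD, it should state both the default and that the choice is fixed at creation.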

10 changes: 2 additions & 8 deletions api/v1alpha2/linodemachine_webhook.go
Expand Up @@ -113,14 +113,8 @@ func (r *LinodeMachine) validateLinodeMachineSpec(ctx context.Context, client Li
// TODO: instrument with tracing, might need refactor to preserve readibility
var errs field.ErrorList

if r.Spec.DiskEncryption == "enabled" {
if err := validateRegion(ctx, client, r.Spec.Region, field.NewPath("spec").Child("region"), linodego.CapabilityDiskEncryption); err != nil {
errs = append(errs, err)
}
} else {
if err := validateRegion(ctx, client, r.Spec.Region, field.NewPath("spec").Child("region")); err != nil {
errs = append(errs, err)
}
if err := validateRegion(ctx, client, r.Spec.Region, field.NewPath("spec").Child("region")); err != nil {
errs = append(errs, err)
}
plan, err := validateLinodeType(ctx, client, r.Spec.Type, field.NewPath("spec").Child("type"))
if err != nil {
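Review bot: Missing check: the removed branch passed `linodego.CapabilityDiskEncryption` to `validateRegion` whenever `r.Spec.DiskEncryption == "enabled"`, and the replacement call validates the region without any capability argument. With `enabled` now the default, a LinodeMachine in a region that lacks that capability passes admission here, and nothing in this diff shows where the mismatch is caught afterwards. Either keep the capability check when `enabled` is requested explicitly, or record in the commit message or a code comment why it is safe to drop and how such a region behaves.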
Expand Up @@ -522,6 +522,7 @@ spec:
The sum of these disks + the OSDisk must not be more than allowed on a linodes plan
type: object
diskEncryption:
default: enabled
description: DiskEncryption determines if the disks of the instance
should be encrypted.
enum:
Expand Up @@ -386,6 +386,17 @@ spec:
DataDisks is a map of any additional disks to add to an instance,
The sum of these disks + the OSDisk must not be more than allowed on a linodes plan
type: object
diskEncryption:
default: enabled
description: DiskEncryption determines if the disks of the
instance should be encrypted.
enum:
- enabled
- disabled
type: string
x-kubernetes-validations:
- message: Value is immutable
rule: self == oldSelf
firewallID:
type: integer
x-kubernetes-validations:
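Review bot: The whole `diskEncryption` property is added to this schema, not just the `default: enabled` line as in the previous CRD hunk, so this manifest did not carry the field before this commit. It is worth confirming that the generated manifests were regenerated from the same types, and saying in the commit message that this resource gains the field, because the immutability rule `self == oldSelf` arrives with it.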
7 changes: 5 additions & 2 deletions docs/src/topics/getting-started.md
Expand Up @@ -32,9 +32,12 @@ export LINODE_MACHINE_TYPE=g6-standard-2
For Regions and Images that do not yet support Akamai's cloud-init datasource CAPL will automatically use a stackscript shim
to provision the node. If you are using a custom image ensure the [cloud_init](https://www.linode.com/docs/api/images/#image-create) flag is set correctly on it
```
```admonish warning
By default, clusters are provisioned within VPC. For Regions which do not have [VPC support](https://www.linode.com/docs/products/networking/vpc/#availability) yet, use the [VPCLess](./flavors/vpcless.md) flavor to have clusters provisioned.
~~~admonish warning
By default, clusters are provisioned within VPC with disk encryption enabled. For Regions which do not have [VPC support](https://www.linode.com/docs/products/networking/vpc/#availability) yet, use the [VPCLess](./flavors/vpcless.md) flavor to have clusters provisioned. For disabling disk encryption, set the disk encryption envionment variable:
```
export LINODE_DISK_ENCYPTION=disabled
```
~~~

## Install CAPL on your management cluster
```admonish warning
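Review bot: The variable name in the added line `export LINODE_DISK_ENCYPTION=disabled` is misspelled (the R is missing), while the template in this commit reads `${LINODE_DISK_ENCRYPTION:=enabled}`. Someone who copies the documented command sets a variable the template never reads, so the rendered manifest still says `diskEncryption: enabled`. Change the docs line to `export LINODE_DISK_ENCRYPTION=disabled`, and fix "envionment" to "environment" in the sentence above it.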
2 changes: 2 additions & 0 deletions templates/infra/linodeMachineTemplate.yaml
Expand Up @@ -9,6 +9,7 @@ spec:
image: ${LINODE_OS:="linode/ubuntu22.04"}
type: ${LINODE_CONTROL_PLANE_MACHINE_TYPE}
region: ${LINODE_REGION}
diskEncryption: ${LINODE_DISK_ENCRYPTION:=enabled}
interfaces:
- purpose: public
authorizedKeys:
Expand All @@ -25,6 +26,7 @@ spec:
image: ${LINODE_OS:="linode/ubuntu22.04"}
type: ${LINODE_MACHINE_TYPE}
region: ${LINODE_REGION}
diskEncryption: ${LINODE_DISK_ENCRYPTION:=enabled}
interfaces:
- purpose: public
authorizedKeys: