✨ Bring your own (encryption) key (BYOK)

[akutz]

What does this PR do, and why is it needed?

This patch adds support for bringing your own encryption key used to encrypt/recrypt VMs.

Which issue(s) is/are addressed by this PR? (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

Fixes NA

Are there any special notes for your reviewer:

This PR will be rebased once #670 and #672 are merged.

Please add a release note if necessary:

Support bringing your own (encryption) key (BYOK) to encrypt VM workloads

---

📚 Documentation preview 📚: https://vm-operator--673.org.readthedocs.build/en/673/

[dilyar85]

Dropping the first round of review for the API, controller and webhook code. Will post another review for the rest later.

[dilyar85]

LGTM with some minor comments left above. Thanks @akutz for the clear docs and comments on this feature!

[github-actions]

Package	Line Rate	Health
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/clustercontentlibraryitem	82%	➖
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/contentlibraryitem	85%	➖
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/utils	97%	✔
github.com/vmware-tanzu/vm-operator/controllers/infra/capability	86%	➖
github.com/vmware-tanzu/vm-operator/controllers/infra/configmap	71%	❌
github.com/vmware-tanzu/vm-operator/controllers/infra/node	77%	❌
github.com/vmware-tanzu/vm-operator/controllers/infra/secret	77%	❌
github.com/vmware-tanzu/vm-operator/controllers/storageclass	94%	✔
github.com/vmware-tanzu/vm-operator/controllers/storagepolicyquota	97%	✔
github.com/vmware-tanzu/vm-operator/controllers/util/encoding	73%	❌
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine/storagepolicyusage	99%	✔
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine/virtualmachine	77%	❌
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine/volume	87%	➖
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineclass	75%	❌
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinepublishrequest	81%	➖
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinereplicaset	68%	❌
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice	83%	➖
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/providers	92%	✔
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinesetresourcepolicy	80%	➖
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha1	72%	❌
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha1/conditions	88%	➖
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha1/patch	78%	❌
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha2	73%	❌
github.com/vmware-tanzu/vm-operator/pkg/bitmask	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/builder	95%	✔
github.com/vmware-tanzu/vm-operator/pkg/conditions	88%	➖
github.com/vmware-tanzu/vm-operator/pkg/config	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/config/capabilities	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/config/env	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/context/generic	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/context/operation	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/patch	78%	❌
github.com/vmware-tanzu/vm-operator/pkg/prober	91%	✔
github.com/vmware-tanzu/vm-operator/pkg/prober/probe	90%	✔
github.com/vmware-tanzu/vm-operator/pkg/prober/worker	77%	❌
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere	75%	❌
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/client	80%	➖
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/clustermodules	71%	❌
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/config	89%	✔
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/contentlibrary	74%	❌
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/credentials	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/network	80%	➖
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/placement	77%	❌
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/session	71%	❌
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/sysprep	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/vcenter	82%	➖
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/virtualmachine	83%	➖
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/vmlifecycle	67%	❌
github.com/vmware-tanzu/vm-operator/pkg/record	78%	❌
github.com/vmware-tanzu/vm-operator/pkg/topology	91%	✔
github.com/vmware-tanzu/vm-operator/pkg/util	87%	➖
github.com/vmware-tanzu/vm-operator/pkg/util/annotations	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/cloudinit	89%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/cloudinit/validate	91%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/image	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/kube	84%	➖
github.com/vmware-tanzu/vm-operator/pkg/util/kube/cource	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/kube/internal	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/kube/spq	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/paused	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/ptr	100%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/resize	97%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/vmopv1	91%	✔
github.com/vmware-tanzu/vm-operator/pkg/util/vsphere/client	67%	❌
github.com/vmware-tanzu/vm-operator/pkg/util/vsphere/vm	79%	❌
github.com/vmware-tanzu/vm-operator/pkg/vmconfig	95%	✔
github.com/vmware-tanzu/vm-operator/pkg/vmconfig/crypto	98%	✔
github.com/vmware-tanzu/vm-operator/pkg/webconsolevalidation	100%	✔
github.com/vmware-tanzu/vm-operator/webhooks/common	100%	✔
github.com/vmware-tanzu/vm-operator/webhooks/persistentvolumeclaim/validation	95%	✔
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/mutation	87%	➖
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/validation	95%	✔
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/mutation	62%	❌
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/validation	89%	➖
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinepublishrequest/validation	92%	✔
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinereplicaset/validation	90%	✔
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/mutation	67%	❌
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/validation	92%	✔
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinesetresourcepolicy/validation	89%	✔
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinewebconsolerequest/v1alpha1/validation	92%	✔
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinewebconsolerequest/v1alpha2/validation	92%	✔
Summary	83% (9758 / 11777)	➖

Minimum allowed line rate is 79%

[akutz]

@aruneshpa I have addressed all of your feedback on the PR. While I did not accept it all, and stated my reasons, unless you have a strong objection, I am going to merge this PR so it does not continue to grow. We can revisit your concerns post-merge if that is alright?

[aruneshpa]

@aruneshpa I have addressed all of your feedback on the PR. While I did not accept it all, and stated my reasons, unless you have a strong objection, I am going to merge this PR so it does not continue to grow. We can revisit your concerns post-merge if that is alright?

Sounds good to me. Thanks!