Encryption of block volumes using EncryptionClasses #3106

Open
wants to merge 5 commits into
base: master
89 changes: 79 additions & 10 deletions cmd/syncer/main.go
Expand Up @@ -25,6 +25,7 @@ import (
"os/signal"
"regexp"
"strings"
"sync"
"syscall"
"time"

Expand All @@ -34,6 +35,7 @@ import (
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/leaderelection"
rl "k8s.io/client-go/tools/leaderelection/resourcelock"
"k8s.io/sample-controller/pkg/signals"

"sigs.k8s.io/vsphere-csi-driver/v3/pkg/common/cns-lib/node"
"sigs.k8s.io/vsphere-csi-driver/v3/pkg/common/config"
Expand All @@ -45,6 +47,7 @@ import (
k8s "sigs.k8s.io/vsphere-csi-driver/v3/pkg/kubernetes"
"sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer"
"sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer/admissionhandler"
"sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer/byokoperator"
"sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer/cnsoperator/manager"
"sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer/k8scloudoperator"
"sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer/storagepool"
Expand Down Expand Up @@ -247,11 +250,19 @@ func initSyncerComponents(ctx context.Context, clusterFlavor cnstypes.CnsCluster
log := logger.GetLogger(ctx)
// Disconnect vCenter sessions on restart
defer func() {
log.Info("Cleaning up vc sessions syncer components")
if r := recover(); r != nil {
fmt.Printf("panic: %+v", r)
cleanupSessions(ctx, r)
}
}()

var cancel context.CancelFunc
ctx, cancel = context.WithCancel(ctx)
defer cancel()

errChan := make(chan error, 4)
defer close(errChan)

if err := manager.InitCommonModules(ctx, clusterFlavor, coInitParams); err != nil {
log.Errorf("Error initializing common modules for all flavors. Error: %+v", err)
os.Exit(1)
Expand All @@ -273,9 +284,13 @@ func initSyncerComponents(ctx context.Context, clusterFlavor cnstypes.CnsCluster
}
}

wg := sync.WaitGroup{}

// Initialize CNS Operator for Supervisor clusters.
if clusterFlavor == cnstypes.CnsClusterFlavorWorkload {
wg.Add(1)
go func() {
defer wg.Done()
defer func() {
log.Info("Cleaning up vc sessions storage pool service")
if r := recover(); r != nil {
Expand All @@ -289,6 +304,7 @@ func initSyncerComponents(ctx context.Context, clusterFlavor cnstypes.CnsCluster
}
}()
}

if clusterFlavor == cnstypes.CnsClusterFlavorVanilla {
// Initialize node manager so that syncer components can
// retrieve NodeVM using the NodeID.
Expand Down Expand Up @@ -345,28 +361,81 @@ func initSyncerComponents(ctx context.Context, clusterFlavor cnstypes.CnsCluster
}
}
}

wg.Add(1)
go func() {
defer wg.Done()
defer func() {
log.Info("Cleaning up vc sessions cns operator")
if r := recover(); r != nil {
cleanupSessions(ctx, r)
}
}()
if err := manager.InitCnsOperator(ctx, clusterFlavor, configInfo, coInitParams); err != nil {
log.Errorf("Error initializing Cns Operator. Error: %+v", err)
utils.LogoutAllvCenterSessions(ctx)
os.Exit(0)
errChan <- fmt.Errorf("failed to initialize CNS operator: %w", err)
}
}()
syncer.PeriodicSyncIntervalInMin = *periodicSyncIntervalInMin
if err := syncer.InitMetadataSyncer(ctx, clusterFlavor, configInfo); err != nil {
log.Errorf("Error initializing Metadata Syncer. Error: %+v", err)
utils.LogoutAllvCenterSessions(ctx)
os.Exit(0)
if clusterFlavor == cnstypes.CnsClusterFlavorWorkload &&
commonco.ContainerOrchestratorUtility.IsFSSEnabled(ctx, common.WCP_VMService_BYOK) {
// Start BYOK Operator for Supervisor clusters.
wg.Add(1)
go func() {
defer wg.Done()
defer func() {
if r := recover(); r != nil {
cleanupSessions(ctx, r)
}
}()
if err := startByokOperator(ctx, clusterFlavor, configInfo); err != nil {
errChan <- fmt.Errorf("failed to run BYOK operator: %w", err)
}
}()
}

wg.Add(1)
go func() {
defer wg.Done()
defer func() {
if r := recover(); r != nil {
cleanupSessions(ctx, r)
}
}()
syncer.PeriodicSyncIntervalInMin = *periodicSyncIntervalInMin
if err := syncer.InitMetadataSyncer(ctx, clusterFlavor, configInfo); err != nil {
errChan <- fmt.Errorf("failed to initialize Metadata Syncer: %w", err)
}
}()

defer func() {
utils.LogoutAllvCenterSessions(context.Background())
}()

defer func() {
log.Info("Terminating syncer components")
cancel()
wg.Wait()
}()

select {
case <-ctx.Done():
case <-signals.SetupSignalHandler().Done():
case err := <-errChan:
log.Error(err)
}
}
}

func startByokOperator(ctx context.Context,
clusterFlavor cnstypes.CnsClusterFlavor,
configInfo *config.ConfigurationInfo) error {

mgr, err := byokoperator.NewManager(ctx, clusterFlavor, configInfo)
if err != nil {
return err
}

return mgr.Start(ctx)
}

func cleanupSessions(ctx context.Context, r interface{}) {
log := logger.GetLogger(ctx)
log.Errorf("Observed a panic and a restart was invoked, panic: %+v", r)
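Review bot: When an operator fails to start, the `case err := <-errChan` branch of the final `select` only logs the error and lets the closure return, where the lines it appears to replace logged out of vCenter and called `os.Exit`. Whether the process then stops depends on the caller, which is outside this section; if it does not, the syncer would stay up (and, under leader election, presumably keep its lease) with the CNS, BYOK and metadata components cancelled, so volume-encryption reconciliation would stop without any restart. I would make the failure explicit by keeping the error and exiting non-zero after the deferred `wg.Wait()` and `LogoutAllvCenterSessions` have run, and state the contract next to the select: `// An init error must end the process non-zero once the deferred cleanup has completed.` Separately, `signals.SetupSignalHandler()` panics if it is called a second time in the same process, so it is safer to create that context once in `main` and pass it in than to call it inside this closure.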
31 changes: 16 additions & 15 deletions go.mod
Expand Up @@ -16,31 +16,32 @@ require (
github.com/hashicorp/go-version v1.6.0
github.com/kubernetes-csi/csi-proxy/client v1.1.3
github.com/kubernetes-csi/external-snapshotter/client/v6 v6.1.0
github.com/onsi/ginkgo/v2 v2.11.0
github.com/onsi/gomega v1.27.10
github.com/onsi/ginkgo/v2 v2.19.0
github.com/onsi/gomega v1.33.1
github.com/pkg/sftp v1.13.6
github.com/prometheus/client_golang v1.18.0
github.com/stretchr/testify v1.9.0
github.com/vmware-tanzu/vm-operator/api v1.8.2
github.com/vmware/govmomi v0.46.0
github.com/vmware-tanzu/vm-operator/api v0.0.0-20241108223224-20f977201370
github.com/vmware-tanzu/vm-operator/external/byok v0.0.0-20241108223224-20f977201370
nikolay-andreev marked this conversation as resolved.
github.com/vmware/govmomi v0.46.1
go.uber.org/zap v1.26.0
golang.org/x/crypto v0.26.0
golang.org/x/sync v0.8.0
google.golang.org/grpc v1.67.1
google.golang.org/protobuf v1.34.2
gopkg.in/gcfg.v1 v1.2.3
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.27.10
k8s.io/api v0.31.0
k8s.io/apiextensions-apiserver v0.27.10
k8s.io/apimachinery v0.27.10
k8s.io/apimachinery v0.31.0
k8s.io/client-go v0.27.10
k8s.io/kubectl v0.27.10
k8s.io/kubernetes v1.27.10
k8s.io/mount-utils v0.27.10
k8s.io/pod-security-admission v0.27.10
k8s.io/sample-controller v0.27.10
k8s.io/utils v0.0.0-20230209194617-a36077c30491
sigs.k8s.io/controller-runtime v0.15.3
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/controller-runtime v0.19.0
)

require (
Expand Down Expand Up @@ -75,12 +76,12 @@ require (
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.1 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/godbus/dbus/v5 v5.0.6 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
Expand All @@ -91,7 +92,7 @@ require (
github.com/google/gnostic v0.6.9 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
Expand Down Expand Up @@ -183,7 +184,7 @@ require (
k8s.io/cri-api v0.0.0 // indirect
k8s.io/csi-translation-lib v0.26.10 // indirect
k8s.io/dynamic-resource-allocation v0.0.0 // indirect
k8s.io/klog/v2 v2.90.1 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kms v0.27.10 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/kube-scheduler v0.26.10 // indirect
Expand All @@ -192,12 +193,12 @@ require (
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kustomize/api v0.13.2 // indirect
sigs.k8s.io/kustomize/kyaml v0.14.1 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)

replace (
github.com/go-logr/logr => github.com/go-logr/logr v1.2.0
github.com/go-logr/logr => github.com/go-logr/logr v1.4.2
github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.4.1
k8s.io/api => k8s.io/api v0.27.10
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.10
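Review bot: The `replace` block still pins `k8s.io/api => k8s.io/api v0.27.10`, so the `k8s.io/api v0.31.0` entry in the first `require` block does not appear to be the version that is actually built, while `sigs.k8s.io/controller-runtime` moves to v0.19.0 and `k8s.io/client-go` stays at v0.27.10. Anyone auditing the dependency set from the `require` lines (for example when checking which Kubernetes API code the new BYOK operator links against) would read the wrong versions. If the pin is intentional, say so beside the replace entries, e.g. `// k8s.io/* remain pinned to v0.27.10; the v0.31.0 require entries are not the effective versions.`; otherwise the replace entries should move together with the require bump. The rest of the replace block is collapsed, so other `k8s.io/*` pins could not be checked.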
Expand Down