Add LUKS key to the vm
This patch adds the LUKS keys to the VM specs using a secret ref. It
is expected to have a list of strings. Each value will use the `all` selector
option, based on the virt-v2v docs
(https://www.libguestfs.org/virt-v2v.1.html).

The secret should be provided in the destination namespace, the key
should be `luks` and the values should be the arguments provided to
virt-v2v, such as:

```
passphrase1
passphrase2
...
```

Signed-off-by: Liran Rotenberg <[email protected]>
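As an added illustration of the layout the commit message describes (this is not part of the commit and not Forklift's own documentation): a Secret in the destination namespace whose `luks` key holds one passphrase per line, and the VM entry in a Plan that references it. The `spec.vms[].luks` field and the `name` reference follow the CRD schema in this commit and the `forklift.konveyor.io/v1beta1` group from the file paths; the `targetNamespace` field, the object names, the namespace and the passphrases are assumed or constructed.

```yaml
# Added example, not from the commit. Names, namespaces and passphrases are constructed.
apiVersion: v1
kind: Secret
metadata:
  name: vm-luks-keys            # constructed name
  namespace: target-ns          # assumed: the Plan's destination namespace
type: Opaque
stringData:
  # One passphrase per line; per the commit message each line is passed to
  # virt-v2v with the `all` selector. stringData avoids hand-encoding base64.
  luks: |
    passphrase1
    passphrase2
---
apiVersion: forklift.konveyor.io/v1beta1
kind: Plan
metadata:
  name: encrypted-vm-plan       # constructed name
  namespace: target-ns
spec:
  targetNamespace: target-ns    # assumed field; must match the Secret's namespace
  # provider, network/storage map and other Plan fields omitted for brevity
  vms:
    - id: vm-123                # constructed source VM id
      luks:
        name: vm-luks-keys      # ObjectReference to the Secret above; only name is needed
```

The `|` block scalar keeps a trailing newline, so whatever consumes the key should drop empty lines before turning them into virt-v2v arguments. The Plan only carries a reference, so who can read the passphrases is governed by RBAC on the Secret and by etcd encryption at rest, not by access to the Plan object.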
liranr23 committed May 29, 2024
1 parent ee06063 commit 7df1f7a
Showing 4 changed files with 119 additions and 0 deletions.
38 changes: 38 additions & 0 deletions operator/config/crd/bases/forklift.konveyor.io_migrations.yaml
Expand Up @@ -290,6 +290,44 @@ spec:
id:
description: 'The object ID. vsphere: The managed object ID.'
type: string
luks:
description: Disk decryption LUKS keys
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a valid
JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that
triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod).
This syntax is chosen only to have some well-defined way
of referencing a part of an object. TODO: this design
is not final and this field is subject to change in the
future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
x-kubernetes-map-type: atomic
name:
description: 'An object Name. vsphere: A qualified name.'
type: string
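Review bot: the description `Disk decryption LUKS keys` on the new `luks` property describes the passphrases rather than the field, which the schema below it shows is an object reference (apiVersion, kind, name, namespace, ...). The string is identical to the Go comment `// Disk decryption LUKS keys` in vm.go, and these CRD bases are generated from it, so reword the comment there and regenerate instead of editing this YAML by hand; something like `Reference to a Secret in the destination namespace whose luks key holds the passphrases passed to virt-v2v` would tell a Plan author what to put here without reading the commit message.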
77 changes: 77 additions & 0 deletions operator/config/crd/bases/forklift.konveyor.io_plans.yaml
Expand Up @@ -327,6 +327,44 @@ spec:
id:
description: 'The object ID. vsphere: The managed object ID.'
type: string
luks:
description: Disk decryption LUKS keys
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a valid
JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that
triggered the event) or if no container name is specified
"spec.containers[2]" (container with index 2 in this pod).
This syntax is chosen only to have some well-defined way
of referencing a part of an object. TODO: this design
is not final and this field is subject to change in the
future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
x-kubernetes-map-type: atomic
name:
description: 'An object Name. vsphere: A qualified name.'
type: string
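Review bot: nothing in this schema ties the reference to a Secret. `kind` and `apiVersion` are free-form strings and `namespace` is accepted, while the commit message says the secret must live in the destination namespace and the Go field carries `ref:"Secret"`, which the OpenAPI schema does not express. Either state in the description that `kind` and `namespace` are ignored, or validate at plan admission that the referenced object is a Secret in the target namespace and contains a `luks` key, so a wrong reference is rejected when the Plan is created rather than surfacing as a failed conversion. The generic ObjectReference fields (`fieldPath` with its TODO text, `resourceVersion`, `uid`) are noise for this use; a narrower reference type with just `name` would keep the CRD readable.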
Expand Down Expand Up @@ -733,6 +771,45 @@ spec:
description: 'The object ID. vsphere: The managed object
ID.'
type: string
luks:
description: Disk decryption LUKS keys
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
x-kubernetes-map-type: atomic
name:
description: 'An object Name. vsphere: A qualified name.'
type: string
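Review bot: this is the second copy of the block in forklift.konveyor.io_plans.yaml, at the +771 offset well below the `vms` block at +327, so it appears to mirror the VM struct into the plan status. That means the Secret's name and namespace will be echoed into `status`, which is harmless in itself (the reference carries no key material), but worth confirming that nothing later resolves the reference from status and that the passphrases themselves are never copied anywhere outside the Secret.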
3 changes: 3 additions & 0 deletions pkg/apis/forklift/v1beta1/plan/vm.go
Expand Up @@ -30,6 +30,9 @@ type VM struct {
ref.Ref `json:",inline"`
// Enable hooks.
Hooks []HookRef `json:"hooks,omitempty"`
// Disk decryption LUKS keys
// +optional
LUKS core.ObjectReference `json:"luks" ref:"Secret"`
}

// Find a Hook for the specified step.
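Review bot: the new field is tagged `json:"luks"` with no `omitempty` although it is marked `+optional`, unlike `Hooks` on the line above (`hooks,omitempty`). Because `LUKS` is a value `core.ObjectReference`, every VM entry will now serialize as `luks: {}` even when no secret is set, and since encoding/json's `omitempty` never omits a non-pointer struct, adding `omitempty` alone would not change that. Make the field `*core.ObjectReference` with `json:"luks,omitempty"`; that keeps unset VMs clean and gives the controller a nil check to decide whether to pass any key selector to virt-v2v, instead of testing for an empty `Name`.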
1 change: 1 addition & 0 deletions pkg/apis/forklift/v1beta1/plan/zz_generated.deepcopy.go

Some generated files are not rendered by default.

0 comments on commit 7df1f7a