project: Linode Disk Encryption

.gitignore

@@ -21,3 +21,4 @@
 vendor/**/
 .env
 coverage.txt
+go.work.sum

go.work.sum

@@ -34,6 +34,9 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/
 github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=

instance_disks.go

@@ -17,6 +17,9 @@ type InstanceDisk struct {
 	Filesystem DiskFilesystem `json:"filesystem"`
 	Created    *time.Time     `json:"-"`
 	Updated    *time.Time     `json:"-"`
+
+	// NOTE: Disk encryption may not currently be available to all users.
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption"`
 }
 
 // DiskFilesystem constants start with Filesystem and include Linode API Filesystems

instances.go

@@ -63,6 +63,11 @@ type Instance struct {
 
 	// NOTE: Placement Groups may not currently be available to all users.
 	PlacementGroup *InstancePlacementGroup `json:"placement_group"`
+
+	// NOTE: Disk encryption may not currently be available to all users.
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption"`
+
+	LKEClusterID int `json:"lke_cluster_id"`
 }
 
 // InstanceSpec represents a linode spec
@@ -93,6 +98,13 @@ type InstanceBackup struct {
 	} `json:"schedule,omitempty"`
 }
 
+type InstanceDiskEncryption string
+
+const (
+	InstanceDiskEncryptionEnabled  InstanceDiskEncryption = "enabled"
+	InstanceDiskEncryptionDisabled InstanceDiskEncryption = "disabled"
+)
+
 // InstanceTransfer pool stats for a Linode Instance during the current billing month
 type InstanceTransfer struct {
 	// Bytes of transfer this instance has consumed
@@ -140,6 +152,9 @@ type InstanceCreateOptions struct {
 	Metadata        *InstanceMetadataOptions               `json:"metadata,omitempty"`
 	FirewallID      int                                    `json:"firewall_id,omitempty"`
 
+	// NOTE: Disk encryption may not currently be available to all users.
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption,omitempty"`
+
 	// NOTE: Placement Groups may not currently be available to all users.
 	PlacementGroup *InstanceCreatePlacementGroupOptions `json:"placement_group,omitempty"`
 
@@ -356,6 +371,9 @@ type InstanceRebuildOptions struct {
 	Booted          *bool                    `json:"booted,omitempty"`
 	Metadata        *InstanceMetadataOptions `json:"metadata,omitempty"`
 	Type            string                   `json:"type,omitempty"`
+
+	// NOTE: Disk encryption may not currently be available to all users.
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption,omitempty"`
 }
 
 // RebuildInstance Deletes all Disks and Configs on this Linode,

k8s/pkg/condition/lke.go

@@ -33,9 +33,39 @@ func ClusterHasReadyNode(ctx context.Context, options linodego.ClusterConditionO
 	return false, nil
 }
 
+// ClusterNodesReady is a ClusterConditionFunc which polls for all nodes to have the
+// condition NodeReady=True.
+func ClusterNodesReady(ctx context.Context, options linodego.ClusterConditionOptions) (bool, error) {
+	clientset, err := k8s.BuildClientsetFromConfig(options.LKEClusterKubeconfig, options.TransportWrapper)
+	if err != nil {
+		return false, err
+	}
+
+	nodes, err := clientset.CoreV1().Nodes().List(ctx, v1.ListOptions{})
+	if err != nil {
+		return false, fmt.Errorf("failed to get nodes for cluster: %w", err)
+	}
+
+	for _, node := range nodes.Items {
+		for _, condition := range node.Status.Conditions {
+			if condition.Type == corev1.NodeReady && condition.Status != corev1.ConditionTrue {
+				return false, nil
+			}
+		}
+	}
+	return true, nil
+}
+
 // WaitForLKEClusterReady polls with a given timeout for the LKE Cluster's api-server
 // to be healthy and for the cluster to have at least one node with the NodeReady
 // condition true.
 func WaitForLKEClusterReady(ctx context.Context, client linodego.Client, clusterID int, options linodego.LKEClusterPollOptions) error {
 	return client.WaitForLKEClusterConditions(ctx, clusterID, options, ClusterHasReadyNode)
 }
+
+// WaitForLKEClusterAndNodesReady polls with a given timeout for the LKE
+// Cluster's api-server to be healthy and for all cluster nodes to have the
+// NodeReady condition true.
+func WaitForLKEClusterAndNodesReady(ctx context.Context, client linodego.Client, clusterID int, options linodego.LKEClusterPollOptions) error {
+	return client.WaitForLKEClusterConditions(ctx, clusterID, options, ClusterNodesReady)
+}

lke_node_pools.go

@@ -64,6 +64,9 @@ type LKENodePool struct {
 	Taints  []LKENodePoolTaint  `json:"taints"`
 
 	Autoscaler LKENodePoolAutoscaler `json:"autoscaler"`
+
+	// NOTE: Disk encryption may not currently be available to all users.
+	DiskEncryption InstanceDiskEncryption `json:"disk_encryption,omitempty"`
 }
 
 // LKENodePoolCreateOptions fields are those accepted by CreateLKENodePool