elastisys · robinAwallace · Oct 7, 2024 · Oct 24, 2024
diff --git a/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf b/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf
@@ -79,7 +79,7 @@ locals {
         if nic.ip_address != null
       }
   }
-  
+
   node_user_data = <<EOF
 %{ if length(var.private_network_dns) > 0 ~}
 #!/bin/bash
@@ -99,7 +99,7 @@ resource "upcloud_network" "private" {
     dhcp_default_route = var.router_enable
     # TODO: When support for dhcp_dns for private networks are in, remove the user_data and enable it here.
     #       See more here https://github.com/UpCloudLtd/terraform-provider-upcloud/issues/562
-    # dhcp_dns           = length(var.private_network_dns) > 0 ? var.private_network_dns : null 
+    # dhcp_dns           = length(var.private_network_dns) > 0 ? var.private_network_dns : null
     dhcp               = true
     family             = "IPv4"
   }
@@ -135,6 +135,7 @@ resource "upcloud_server" "master" {
   template {
     storage = var.template_name
     size    = each.value.disk_size
+    encrypt = each.value.boot_disk_encrypt
   }
 
   dynamic "network_interface" {
@@ -201,6 +202,7 @@ resource "upcloud_server" "worker" {
   template {
     storage = var.template_name
     size    = each.value.disk_size
+    encrypt = each.value.boot_disk_encrypt
   }
 
   dynamic "network_interface" {

diff --git a/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf b/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf
@@ -32,7 +32,8 @@ variable "machines" {
     cpu       = string
     mem       = string
     disk_size = number
-    server_group : string
+    boot_disk_encrypt = optional(bool, false)
+    server_group : optional(string,null)
     force_public_ip : optional(bool, false)
     force_no_user_data : optional(bool, false)
     additional_disks = map(object({

diff --git a/contrib/terraform/upcloud/sample-inventory/cluster.tfvars b/contrib/terraform/upcloud/sample-inventory/cluster.tfvars
@@ -28,6 +28,8 @@ machines = {
     "mem" : "4096"
     # The size of the storage in GB
     "disk_size" : 250
+    "boot_disk_encrypt": false
+    "server_group" : null
     "additional_disks" : {}
   },
   "worker-0" : {
@@ -40,6 +42,8 @@ machines = {
     "mem" : "4096"
     # The size of the storage in GB
     "disk_size" : 250
+    "boot_disk_encrypt": false
+    "server_group" : null
     "additional_disks" : {
       # "some-disk-name-1": {
       #   "size": 100,
@@ -61,6 +65,8 @@ machines = {
     "mem" : "4096"
     # The size of the storage in GB
     "disk_size" : 250
+    "boot_disk_encrypt": false
+    "server_group" : null
     "additional_disks" : {
       # "some-disk-name-1": {
       #   "size": 100,
@@ -82,6 +88,8 @@ machines = {
     "mem" : "4096"
     # The size of the storage in GB
     "disk_size" : 250
+    "boot_disk_encrypt": false
+    "server_group" : null
     "additional_disks" : {
       # "some-disk-name-1": {
       #   "size": 100,
@@ -146,4 +154,4 @@ server_groups = {
   #   ]
   #   anti_affinity_policy = "yes"
   # }
-}
+}
diff --git a/contrib/terraform/upcloud/variables.tf b/contrib/terraform/upcloud/variables.tf
@@ -54,7 +54,8 @@ variable "machines" {
     cpu       = string
     mem       = string
     disk_size = number
-    server_group : string
+    boot_disk_encrypt = optional(bool, false)
+    server_group : optional(string,null)
     force_public_ip : optional(bool, false)
     force_no_user_data : optional(bool, false)
     additional_disks = map(object({

diff --git a/roles/kubernetes-apps/csi_driver/upcloud/defaults/main.yml b/roles/kubernetes-apps/csi_driver/upcloud/defaults/main.yml
@@ -3,7 +3,7 @@ upcloud_csi_controller_replicas: 1
 upcloud_csi_provisioner_image_tag: "v3.1.0"
 upcloud_csi_attacher_image_tag: "v3.4.0"
 upcloud_csi_resizer_image_tag: "v1.4.0"
-upcloud_csi_plugin_image_tag: "v1.1.0"
+upcloud_csi_plugin_image_tag: "v1.2.0"
 upcloud_csi_node_image_tag: "v2.5.0"
 upcloud_username: "{{ lookup('env', 'UPCLOUD_USERNAME') }}"
 upcloud_password: "{{ lookup('env', 'UPCLOUD_PASSWORD') }}"

diff --git a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/defaults/main.yml b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/defaults/main.yml
@@ -1,12 +1,42 @@
 ---
 storage_classes:
-  - name: standard
+  - name: maxiops
     is_default: true
     expand_persistent_volumes: true
     parameters:
       tier: maxiops
+  - name: standard
+    is_default: false
+    expand_persistent_volumes: true
+    parameters:
+      tier: standard
+  # New hdd tier
+  - name: archive
+    is_default: false
+    expand_persistent_volumes: true
+    parameters:
+      tier: archive
+  # tier hdd is deprecated
   - name: hdd
     is_default: false
     expand_persistent_volumes: true
     parameters:
       tier: hdd
+  - name: maxiops-encrypted
+    is_default: false
+    expand_persistent_volumes: true
+    parameters:
+      tier: maxiops
+      encryption: "data-at-rest"
+  - name: standard-encrypted
+    is_default: false
+    expand_persistent_volumes: true
+    parameters:
+      tier: standard
+      encryption: "data-at-rest"
+  - name: archive-encrypted
+    is_default: false
+    expand_persistent_volumes: true
+    parameters:
+      tier: archive
+      encryption: "data-at-rest"