Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS EC2 Node Driver Create should allow encryption of EBS volumes at launch time #22691

Closed
Oats87 opened this issue Sep 6, 2019 · 5 comments
Closed

AWS EC2 Node Driver Create should allow encryption of EBS volumes at launch time #22691

Oats87 opened this issue Sep 6, 2019 · 5 comments
Assignees
@aiyengar2 @khushboo-rancher
Labels
area/aws area/aws-ebs area/machine Issues that deal with rancher-machine internal [zube]: Done
Milestone
v2.3.6

Comments

@Oats87
Copy link
Contributor

Oats87 commented Sep 6, 2019

In Rancher 2.2, it is not possible to (at launch time) create encrypted EBS volume backed instances.

Today, when launching a new instance via the AWS Launch Wizard, it is possible to "natively" encrypt the volumes at launch time, rather than having to snapshot, copy, encrypt, then create an AMI.

We should provide the capability to launch EC2 instances (via Node Template) and encrypt the EBS volumes for this instance at launch time.
@Oats87 Oats87 added area/machine Issues that deal with rancher-machine internal area/aws area/aws-ebs labels Sep 6, 2019
@maggieliu maggieliu added this to the v2.4 milestone Jan 29, 2020
@mrajashree mrajashree mentioned this issue Feb 5, 2020
Closed
@mrajashree
Copy link
Contributor

UI issue: #25266

@aiyengar2
Copy link
Contributor

PR containing rancher/machine changes: rancher/machine#63

@aiyengar2 aiyengar2 mentioned this issue Feb 11, 2020
Merged
@aiyengar2 aiyengar2 mentioned this issue Feb 11, 2020
Merged
@aiyengar2
Copy link
Contributor

PR containing unit test in rancher/rancher to test the above change: #25370

@zube zube bot removed the [zube]: Working label Feb 12, 2020
aiyengar2 added a commit to aiyengar2/rancher that referenced this issue Feb 13, 2020
@aiyengar2
Add unit test for encrypted EBS volume-backed instance
e45263f 
This commit contains a unit test that ensures that the amazonec2 driver contains a flag for encrypting an EBS volume.

PR for this unit test: rancher/machine#63

Related Issue: rancher#22691
aiyengar2 added a commit that referenced this issue Feb 13, 2020
@aiyengar2
Add unit test for encrypted EBS volume-backed instance
ff24cb9 
This commit contains a unit test that ensures that the amazonec2 driver contains a flag for encrypting an EBS volume.

PR for this unit test: rancher/machine#63

Related Issue: #22691
@aiyengar2 aiyengar2 mentioned this issue Feb 15, 2020
Merged
@aiyengar2 aiyengar2 mentioned this issue Feb 18, 2020
Merged
aiyengar2 added a commit to aiyengar2/rancher that referenced this issue Feb 18, 2020
@aiyengar2
Add unit test for encrypted EBS volume-backed instance
988e782 
This commit contains a unit test that ensures that the amazonec2 driver contains a flag for encrypting an EBS volume.

PR for this unit test: rancher/machine#63

Related Issue: rancher#22691
@maggieliu maggieliu modified the milestones: v2.4, v2.3.6 Feb 19, 2020
aiyengar2 added a commit that referenced this issue Feb 19, 2020
@aiyengar2
Add unit test for encrypted EBS volume-backed instance
d839c09 
This commit contains a unit test that ensures that the amazonec2 driver contains a flag for encrypting an EBS volume.

PR for this unit test: rancher/machine#63

Related Issue: #22691
@khushboo-rancher
Copy link
Contributor

Encryption of volumes is not working on upgraded rancher set up from v2.3.5 to v2.3-head. Created a bug #25546

@khushboo-rancher
Copy link
Contributor

Tested below scenarios, feature works fine in rancher version v2.3-head b5175db3f and master-head 981263b53 and in upgraded rancher set up from v2.3.5 to v2.3-head

  1. Created EC2 node driver with encrypted EBS option and launched new instance with it.
  2. Edit the node template and launched new instance with it.
  3. Launched new instances with different node template(with/without encryption enabled) in same cluster.
  4. Scale up the instances in existing cluster.
  5. Impact on other fields in node template.
  6. Create/edit/delete with different roles(Cluster owner, cluster member etc) in rancher.
  7. Other functionality tested on instance created with encryption enabled - Workload deployment, ingress, service discovery, records, registry, secrets, connectivity, web socket etc.

aiyengar2 added a commit to aiyengar2/rancher that referenced this issue Mar 3, 2020
@aiyengar2
Add validation test for encrypted EBS volume-backed instance
0280a24 
This commit contains a validation test that ensures that Rancher can spin up an EC2 cluster and define a node template with encryptEbsVolume, which creates a node pool consisting of encrypted EBS volume backed EC2 instances.

Minor fix:
- Correct spelling of create_and_validate_cluster

Related Issue: rancher#22691
aiyengar2 added a commit that referenced this issue Mar 4, 2020
@aiyengar2
Add validation test for encrypted EBS volume-backed instance
db4cb7e 
This commit contains a validation test that ensures that Rancher can spin up an EC2 cluster and define a node template with encryptEbsVolume, which creates a node pool consisting of encrypted EBS volume backed EC2 instances.

Minor fix:
- Correct spelling of create_and_validate_cluster

Related Issue: #22691
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aiyengar2 aiyengar2

@khushboo-rancher khushboo-rancher

Labels
area/aws area/aws-ebs area/machine Issues that deal with rancher-machine internal [zube]: Done
Projects
None yet
Milestone
v2.3.6
Development

No branches or pull requests
6 participants
@maggieliu @mrajashree @deniseschannon @aiyengar2 @Oats87 @khushboo-rancher