[improvement] use martinjungblut/go-cryptsetup instead of shelling out to cryptsetup binary #217

Closed
wants to merge 18 commits into from
8 changes: 8 additions & 0 deletions .github/workflows/ci.yml
@@ -12,6 +12,10 @@ jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Install cryptsetup
run: |
sudo apt install libcryptsetup12 libcryptsetup-dev

- uses: actions/checkout@v4
with:
fetch-depth: 0
@@ -45,6 +49,10 @@ jobs:
LINODE_MACHINE_TYPE: g6-standard-2
WORKER_NODES: ${{ github.ref == 'refs/heads/main' && '3' || '0' }}
steps:
- name: Install cryptsetup
run: |
sudo apt install libcryptsetup12 libcryptsetup-dev

- uses: actions/checkout@v4
with:
fetch-depth: 0
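Review bot: The new `Install cryptsetup` step runs `sudo apt install libcryptsetup12 libcryptsetup-dev` with no index refresh and no `-y`, so the job depends on whatever package lists the runner image happens to carry and on apt never needing to prompt. I would write it as `sudo apt-get update && sudo apt-get install -y --no-install-recommends libcryptsetup-dev`; the runtime library should come in as a dependency of the -dev package, which also avoids hard-coding the `libcryptsetup12` package name while `runs-on: ubuntu-latest` moves between releases. The same step is repeated verbatim in the second job's hunk (`@@ -45,6 +49,10 @@`) and needs the same change.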
9 changes: 5 additions & 4 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.22.5-alpine as builder
FROM golang:1.22.5-alpine AS builder
# from makefile
ARG REV

@@ -10,17 +10,18 @@ COPY go.sum .
COPY main.go .
COPY pkg ./pkg
COPY internal ./internal
RUN apk add cryptsetup cryptsetup-libs cryptsetup-dev gcc musl-dev pkgconfig

RUN go mod download

RUN go build -a -ldflags '-X main.vendorVersion='${REV}' -extldflags "-static"' -o /bin/linode-blockstorage-csi-driver /linode
RUN CGO_ENABLED=1 go build -a -ldflags '-X main.vendorVersion='${REV}'' -o /bin/linode-blockstorage-csi-driver /linode

FROM alpine:3.18.4
LABEL maintainers="Linode"
LABEL description="Linode CSI Driver"

COPY --from=builder /bin/linode-blockstorage-csi-driver /linode

RUN apk add --no-cache e2fsprogs findmnt blkid cryptsetup xfsprogs

COPY --from=builder /bin/linode-blockstorage-csi-driver /linode

ENTRYPOINT ["/linode"]
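Review bot: Dropping `-extldflags "-static"` and building with `CGO_ENABLED=1` means the binary now loads libcryptsetup and musl at run time, but the two stages are not tied to the same Alpine release: the builder is `golang:1.22.5-alpine` (no Alpine version in the tag) and the final stage is `alpine:3.18.4`. The driver is therefore compiled against the headers from the builder's `cryptsetup-dev` and run against whatever library the `cryptsetup` package in 3.18.4 provides, and for code that formats and opens LUKS volumes that skew is worth removing. Pin the builder to an explicit Alpine release tag and use the same release in the final stage, and name `cryptsetup-libs` in the final `apk add --no-cache` line so the runtime dependency is stated rather than inherited from the CLI package. The builder's `RUN apk add ...` would also sit better above the `COPY` lines and with `--no-cache`, so that a source edit does not reinstall the toolchain.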
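--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -0,0 +1,26 @@
+FROM golang:1.22.5-alpine AS builder
+# from makefile
+ARG REV
+
+RUN mkdir -p /linode
+WORKDIR /linode
+
+COPY . .
+RUN apk add \
+blkid \
+cryptsetup \
+cryptsetup-libs \
+cryptsetup-dev \
+e2fsprogs \
+findmnt \
+gcc \
+pkgconfig \
+make \
+musl-dev \
+xfsprogs
+
+RUN go mod tidy
+
+RUN CGO_ENABLED=1 go build -a -ldflags '-X main.vendorVersion='${REV}'' -o /bin/linode-blockstorage-csi-driver /linode
+RUN CGO_ENABLED=1 go install go.uber.org/mock/mockgen@latest
+CMD ["sh"]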
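Review bot: `go install go.uber.org/mock/mockgen@latest` pulls whatever version is current when the image is built, while go.mod pins `go.uber.org/mock v0.4.0`, so generated mocks can drift from the library they are compiled against and an unreviewed tool release runs inside the build. Pin it to the module version: `RUN CGO_ENABLED=1 go install go.uber.org/mock/mockgen@v0.4.0`. Two smaller points in the same file: `COPY . .` brings the whole build context into the image (including `.git` and any local credentials or kubeconfig unless a `.dockerignore` excludes them), and `RUN go mod tidy` can rewrite go.mod and go.sum inside the image, so checks run in that image no longer reflect the committed files. `RUN go mod download`, as the main Dockerfile uses, keeps the dev image on the reviewed dependency set.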
25 changes: 15 additions & 10 deletions Makefile
@@ -2,10 +2,15 @@ PLATFORM ?= linux/amd64
REGISTRY_NAME ?= index.docker.io
IMAGE_NAME ?= linode/linode-blockstorage-csi-driver
REV := $(shell git describe --long --tags --dirty 2> /dev/null || echo "dev")
ifdef DEV_TAG_EXTENSION
IMAGE_VERSION ?= $(REV)-$(DEV_TAG_EXTENSION)
else
IMAGE_VERSION ?= $(REV)
endif
IMAGE_TAG ?= $(REGISTRY_NAME)/$(IMAGE_NAME):$(IMAGE_VERSION)
GOLANGCI_LINT_IMG := golangci/golangci-lint:v1.59-alpine
RELEASE_DIR ?= release
DOCKERFILE ?= Dockerfile

#####################################################################
# OS / ARCH
@@ -24,19 +29,19 @@ endif
#####################################################################
.PHONY: fmt
fmt:
go fmt ./...
docker run --platform=$(PLATFORM) -it $(IMAGE_TAG) go fmt ./...

.PHONY: vet
vet: fmt
go vet ./...
docker run --platform=$(PLATFORM) -it $(IMAGE_TAG) go vet ./...

.PHONY: lint
lint: vet
docker run --rm -v $(PWD):/app -w /app ${GOLANGCI_LINT_IMG} golangci-lint run -v
docker run --platform=$(PLATFORM) --rm -v $(PWD):/app -w /app ${GOLANGCI_LINT_IMG} golangci-lint run -v

.PHONY: verify
verify:
go mod verify
docker run --platform=$(PLATFORM) -it $(IMAGE_TAG) go mod verify

.PHONY: clean
clean:
@@ -59,11 +64,11 @@ WORKER_NODES ?= 0

.PHONY: build
build:
go build -o linode-blockstorage-csi-driver -a -ldflags '-X main.vendorVersion='${IMAGE_VERSION}' -extldflags "-static"' ./main.go
CGO_ENABLED=1 go build -o linode-blockstorage-csi-driver -a -ldflags '-X main.vendorVersion='${IMAGE_VERSION}'' ./main.go

.PHONY: docker-build
docker-build:
DOCKER_BUILDKIT=1 docker build --platform=$(PLATFORM) --progress=plain -t $(IMAGE_TAG) --build-arg REV=$(IMAGE_VERSION) -f ./Dockerfile .
DOCKER_BUILDKIT=1 docker build --platform=$(PLATFORM) --progress=plain -t $(IMAGE_TAG) --build-arg REV=$(IMAGE_VERSION) -f ./$(DOCKERFILE) .

.PHONY: docker-push
docker-push:
@@ -118,13 +123,13 @@ cleanup-cluster:

.PHONY: generate-mock
generate-mock:
mockgen -source=internal/driver/nodeserver_helpers.go -destination=mocks/mock_nodeserver.go -package=mocks
mockgen -source=pkg/mount-manager/device-utils.go -destination=mocks/mock_deviceutils.go -package=mocks
mockgen -source=pkg/mount-manager/fs-utils.go -destination=mocks/mock_fsutils.go -package=mocks
docker run --platform=$(PLATFORM) -it $(IMAGE_TAG) mockgen -source=internal/driver/nodeserver_helpers.go -destination=mocks/mock_nodeserver.go -package=mocks
docker run --platform=$(PLATFORM) -it $(IMAGE_TAG) mockgen -source=pkg/mount-manager/device-utils.go -destination=mocks/mock_deviceutils.go -package=mocks
docker run --platform=$(PLATFORM) -it $(IMAGE_TAG) mockgen -source=pkg/mount-manager/fs-utils.go -destination=mocks/mock_fsutils.go -package=mocks

.PHONY: test
test: vet verify generate-mock
go test `go list ./... | grep -v ./mocks$$` -cover $(TEST_ARGS)
docker run --platform=$(PLATFORM) -it $(IMAGE_TAG) go test `go list ./... | grep -v ./mocks$$` -cover $(TEST_ARGS)

.PHONY: elevated-test
elevated-test:
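Review bot: The containerised `fmt`, `vet`, `verify`, `generate-mock` and `test` recipes run `docker run ... -it $(IMAGE_TAG) ...` with no bind mount, so they operate on the source snapshot baked into the image: `go fmt` and the three `mockgen` calls write into a container filesystem that is never copied back, and `go mod verify` checks the image's copy rather than the working tree. `-it` also fails where there is no TTY, which is the normal case in CI, and without `--rm` each run leaves a stopped container behind. Something like `docker run --rm --platform=$(PLATFORM) -v $(CURDIR):/linode -w /linode $(IMAGE_TAG) go fmt ./...` addresses all three (the path matches `WORKDIR /linode` in Dockerfile.dev). These targets also assume `$(IMAGE_TAG)` was built from `Dockerfile.dev`; with the default `DOCKERFILE ?= Dockerfile` the final image is the Alpine runtime stage, which as far as the Dockerfile shows has no Go toolchain, and in `test` the backquoted `go list` is still expanded by the host shell. The `elevated-test` recipe lies outside the last hunk.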
1 change: 1 addition & 0 deletions go.mod
@@ -9,6 +9,7 @@ require (
github.com/ianschenck/envflag v0.0.0-20140720210342-9111d830d133
github.com/linode/go-metadata v0.2.0
github.com/linode/linodego v1.35.0
github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6
go.uber.org/mock v0.4.0
golang.org/x/net v0.27.0
golang.org/x/sys v0.22.0
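Review bot: The new requirement is a pseudo-version, `v0.0.0-20220520180014-fd0874fd07a6`, i.e. an untagged commit dated 2022-05-20, and through cgo it becomes the code path that formats and unlocks LUKS volumes. With no release tag to follow, I would record why this commit was chosen and that its diff is reviewed on every bump, for example with a comment above the line: `// cgo binding to libcryptsetup; pinned to an untagged upstream commit, review the diff on every bump`. The change also makes the libcryptsetup headers a build-time requirement for anyone building this module, which is worth stating in the PR description or README.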
2 changes: 2 additions & 0 deletions go.sum
@@ -74,6 +74,8 @@ github.com/linode/go-metadata v0.2.0/go.mod h1:XraDbSwms0+CtA7/Qh7agkSvGDc6H0s78
github.com/linode/linodego v1.35.0 h1:rIhUeCHBLEDlkoRnOTwzSGzljQ3ksXwLxacmXnrV+Do=
github.com/linode/linodego v1.35.0/go.mod h1:JxuhOEAMfSxun6RU5/MgTKH2GGTmFrhKRj3wL1NFin0=
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6 h1:YDjLk3wsL5ZLhLC4TIwIvT2NkSCAdAV6pzzZaRfj4jk=
github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU=
github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
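--- a/internal/driver/examples/kubernetes/luks-enabled-vol.yaml
+++ b/internal/driver/examples/kubernetes/luks-enabled-vol.yaml
@@ -0,0 +1,58 @@
+---
+kind: Pod
+apiVersion: v1
+metadata:
+name: csi-example-pod-luks
+spec:
+containers:
+- name: csi-example-container
+image: busybox
+volumeMounts:
+- mountPath: "/data"
+name: csi-example-volume-luks
+command: ["sleep", "1000000"]
+tolerations:
+- effect: NoSchedule
+key: node-role.kubernetes.io/control-plane
+operator: Exists
+volumes:
+- name: csi-example-volume-luks
+persistentVolumeClaim:
+claimName: csi-example-pvc-luks
+---
+allowVolumeExpansion: true
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+annotations:
+storageclass.kubernetes.io/is-default-class: "true"
+name: linode-block-storage-luks-luks
+namespace: kube-system
+provisioner: linodebs.csi.linode.com
+reclaimPolicy: Delete
+parameters:
+linodebs.csi.linode.com/luks-encrypted: "true"
+linodebs.csi.linode.com/luks-cipher: "aes-xts-plain64"
+linodebs.csi.linode.com/luks-key-size: "512"
+csi.storage.k8s.io/node-stage-secret-namespace: default
+csi.storage.k8s.io/node-stage-secret-name: csi-encrypt-example-luks-key
+linodebs.csi.linode.com/volumeTags: default
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: csi-encrypt-example-luks-key
+stringData:
+luksKey: klOMgxvP7v2lJ1LXjQQ4oMQ0n/axuGAjT311C6qbJO/Z7D6dIYYlz/qFn7+AF0oZm5Y2qJos+R/kZaEk/MA9vw==
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: csi-example-pvc-luks
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 10Gi
+storageClassName: linode-block-storage-luks-luks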
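Review bot: The `Secret` commits a literal, usable-looking value in `stringData.luksKey`, and an example manifest is exactly what gets applied unchanged; every volume created that way would share a key that is public in this repository. Replace the value with an obvious placeholder such as `luksKey: "<REPLACE-WITH-GENERATED-KEY>"` and add a comment above it telling the reader to generate a random key of their own and keep it out of version control. Separately, the StorageClass carries `storageclass.kubernetes.io/is-default-class: "true"`, so applying the example makes this class the cluster default; I would drop that annotation from an example. `namespace: kube-system` has no effect on a cluster-scoped StorageClass, and the name `linode-block-storage-luks-luks` looks like an accidental doubling.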