github.com/openshift/installer@v1.4.17/pkg/types/azure/disk.go (about) 1 package azure 2 3 import "fmt" 4 5 // ToID creates an Azure resource ID for the disk encryption set. 6 // It is possible to return a non-valid ID when SubscriptionID is empty. This 7 // should never happen since if SubscriptionID is empty, it is set to the 8 // current subscription. Also, should it somehow be empty and this returns an 9 // invalid ID, the validation code will produce an error when checked against 10 // the validation.RxDiskEncryptionSetID regular expression. 11 func (d *DiskEncryptionSet) ToID() string { 12 return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/diskEncryptionSets/%s", 13 d.SubscriptionID, d.ResourceGroup, d.Name) 14 } 15 16 // SecurityEncryptionTypes represents the Encryption Type when the Azure Virtual Machine is a 17 // Confidential VM. 18 type SecurityEncryptionTypes string 19 20 const ( 21 // SecurityEncryptionTypesVMGuestStateOnly disables OS disk confidential encryption. 22 SecurityEncryptionTypesVMGuestStateOnly SecurityEncryptionTypes = "VMGuestStateOnly" 23 // SecurityEncryptionTypesDiskWithVMGuestState enables OS disk confidential encryption with 24 // a platform-managed key (PMK) or a customer-managed key (CMK). 25 SecurityEncryptionTypesDiskWithVMGuestState SecurityEncryptionTypes = "DiskWithVMGuestState" 26 ) 27 28 // OSDisk defines the disk for machines on Azure. 29 type OSDisk struct { 30 // DiskSizeGB defines the size of disk in GB. 31 // 32 // +kubebuilder:validation:Minimum=0 33 DiskSizeGB int32 `json:"diskSizeGB"` 34 // DiskType defines the type of disk. 35 // For control plane nodes, the valid values are Premium_LRS and StandardSSD_LRS. 36 // Default is Premium_LRS. 37 // +optional 38 // +kubebuilder:validation:Enum=Standard_LRS;Premium_LRS;StandardSSD_LRS 39 DiskType string `json:"diskType"` 40 // DiskEncryptionSet defines a disk encryption set. 41 // 42 // +optional 43 *DiskEncryptionSet `json:"diskEncryptionSet,omitempty"` 44 // SecurityProfile specifies the security profile for the managed disk. 45 // +optional 46 SecurityProfile *VMDiskSecurityProfile `json:"securityProfile,omitempty"` 47 } 48 49 // DiskEncryptionSet defines the configuration for a disk encryption set. 50 type DiskEncryptionSet struct { 51 // SubscriptionID defines the Azure subscription the disk encryption 52 // set is in. 53 SubscriptionID string `json:"subscriptionId"` 54 // ResourceGroup defines the Azure resource group used by the disk 55 // encryption set. 56 ResourceGroup string `json:"resourceGroup"` 57 // Name is the name of the disk encryption set. 58 Name string `json:"name"` 59 } 60 61 // VMDiskSecurityProfile specifies the security profile settings for the managed disk. 62 // It can be set only for Confidential VMs. 63 type VMDiskSecurityProfile struct { 64 // DiskEncryptionSet specifies the customer managed disk encryption set resource id for the 65 // managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and 66 // VMGuestState blob. 67 // +optional 68 DiskEncryptionSet *DiskEncryptionSet `json:"diskEncryptionSet,omitempty"` 69 // SecurityEncryptionType specifies the encryption type of the managed disk. 70 // It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState 71 // blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. 72 // When set to VMGuestStateOnly, the VTpmEnabled should be set to true. 73 // When set to DiskWithVMGuestState, both SecureBootEnabled and VTpmEnabled should be set to true. 74 // It can be set only for Confidential VMs. 75 // +kubebuilder:validation:Enum=VMGuestStateOnly;DiskWithVMGuestState 76 // +optional 77 SecurityEncryptionType SecurityEncryptionTypes `json:"securityEncryptionType,omitempty"` 78 } 79 80 // DefaultDiskType holds the default Azure disk type used by the VMs. 81 const DefaultDiskType string = "Premium_LRS"