Add volume and image encryption feature

[a110605]

Summary

• Add Encrypted, Decrypted radio buttons and source image dropdown In image create page,
• In storage class create page, add volume encryption radio button and secret namespace, secret name select dropdowns
• Show lock icon if image / volume is encrypted.
• Hide "export image" action if volume is encrypted
• Show encryption and secret in image detail page.

PR Checklist

• Is this a multi-tenancy feature/bug?
  • Yes, the relevant RBAC changes are at:
• Do we need to backport changes to the old Rancher UI, such as RKE1?
  • Yes, the relevant PR is at:
• Are backend engineers aware of UI changes?
  • Yes, the backend owner is: @Yu-Jack

Related Issue #
harvester/harvester#6493

Screenshot/Video

Create Storage class with Secret
create_sc.webm

Encrypted & decrypt Image
image_en:decrypt.webm

Encrypt volume
volume_encypt.webm

[Yu-Jack]

A thought just popped into my head. Do we need to display locker icon in the VM page if some VMs use encrypted image or volumes? It might be a useful information for users? cc @bk201

[Yu-Jack]

Just one question, should we clear the secret name when we select different secret namespace each time?

demo-01.mov

[a110605]

Just one question, should we clear the secret name when we select different secret namespace each time?

demo-01.mov

Good finding. It should clean the secret when chaning namespace.

[a110605]

A thought just popped into my head. Do we need to display locker icon in the VM page if some VMs use encrypted image or volumes? It might be a useful information for users? cc @bk201

Per discussion with @Yu-Jack , add lock icon in VM list page and show the tooltip with

• image encrypted
• volume encrypted
• image and volume encrypted

See in vm-lock.webm

[Yu-Jack]

LGTM, thanks!

[Yu-Jack]

LGTM, thanks!

[a110605]

Show encrytion field in vm detail volume tab and render lock in

• green icon : All volumes are encrypted.
• yellow icon : Partial volumes are encrypted.

@jillian-maroket, could you give advice for above 2 messages ? thanks.

vm_lock_icon.webm

[torchiaf]

Code looks good, just a few minor CRs and question below (Maybe something we can add in the next release as improvements).

@Yu-Jack @a110605 I have a few questions:

• Should we add 'Encrypt' / 'Decrypt' actions in the image list ?
• Would it make sense to have a reference to the image that is being decrypted / encrypted, in the new image?

[Yu-Jack]

Code looks good, just a few minor CRs and question below (Maybe something we can add in the next release as improvements).

I have a few questions:

• Should we add 'Encrypt' / 'Decrypt' actions in the image list ?
• Would it make sense to have a reference to the image that is being decrypted / encrypted, in the new image?

I think these are "nice to have" improvements at this moment. Maybe we could put them into Backlog to next release?

[Yu-Jack]

LGTM. BTW, there is a failed build about check-plugins-build.

[bk201]

presentation lgtm, thanks!

[a110605]

LGTM. BTW, there is a failed build about check-plugins-build.

Wait for fixed PR #1160 merge first.

[jillian-maroket]

I changed the "partial" tooltip.

[torchiaf]

LGTM