azure: Support control plane disk encryption

rna-afk · rna-afk · commit 8bd01f9c21d3 · 2024-04-11T09:35:21.000-04:00
Adding disk encryption set to control plane machines if provided
by the user to encrypt the disk.
diff --git a/pkg/asset/machines/azure/azuremachines.go b/pkg/asset/machines/azure/azuremachines.go
@@ -88,6 +88,11 @@ func GenerateMachines(platform *azure.Platform, pool *types.MachinePool, userDat
 	additionalCapabilities := &capz.AdditionalCapabilities{
 		UltraSSDEnabled: &ultrassd,
 	}
+	if pool.Platform.Azure.DiskEncryptionSet != nil {
+		osDisk.ManagedDisk.DiskEncryptionSet = &capz.DiskEncryptionSetParameters{
+			ID: mpool.OSDisk.DiskEncryptionSet.ToID(),
+		}
+	}
 
 	machineProfile := generateSecurityProfile(mpool)
 	securityProfile := &capz.SecurityProfile{
@@ -161,6 +166,7 @@ func GenerateMachines(platform *azure.Platform, pool *types.MachinePool, userDat
 		})
 	}
 
+	osDisk.ManagedDisk.DiskEncryptionSet = nil
 	bootstrapAzureMachine := &capz.AzureMachine{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: capiutils.GenerateBoostrapMachineName(clusterID),
