-
Notifications
You must be signed in to change notification settings - Fork 596
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[csi-cinder-plugin] Support volume basic encryption #2524
Comments
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/kind feature
What happened:
Currently volumes can be encrypted if the required features are set up in OpenStack (and the Volume Type defined at the
StorageClass
is correct) but the user of ancsi-cinder-plugin
deployment does not know if thePersistentVolume
is really encrypted or not from within k8s.What you expected to happen:
This feature request is most likely one of two requesting support to set a parameter at the
StorageClass
to validate if volumes created are flagged asencrypted
in the API response.How to reproduce it:
Create a
pvc
for astorageclass
namedencryptedvolume
without the correct Volume Type (defaultLUKS
) set. Volume will not be encrypted but handled correctly by the CSI driver. With theencrypted
parameter set (if PR is accepted) an error will be showed that the volume should be encrypted but is not at the block storage layer.Anything else we need to know?:
Another issue will be created that requests support "bring your own key" approach to both OpenStack and the CSI driver. It's part of an effort to enhance the encryption support in OpenStack and k8s as part of the Sovereign Cloud Stack. I'll reach out to OpenStack for that first and create another PR once support is implemented.
The text was updated successfully, but these errors were encountered: