-
Notifications
You must be signed in to change notification settings - Fork 595
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[csi-cinder-plugin] Support volume encryption with user provided keys #2526
Comments
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/kind feature
What happened:
Currently volumes can be encrypted if the required features are set up in OpenStack. The remaining handling is done transparently in OpenStack (
nova
andbarbican
). A feature missing is the "bring your own keys" approach were the key is stored in a k8s secret and predefined when the API request to create a volume is send.What you expected to happen:
A user provided secret can be used to control the encryption from the k8s layer. Remaining mechanisms in OpenStack should remain the same including storage in
Barbican
and transparent handling inNova
.Anything else we need to know?:
The OpenStack feature request is https://bugs.launchpad.net/nova/+bug/2051108
The text was updated successfully, but these errors were encountered: