Adds PVC encryption with LUKS

Adds encryption in StorageClass as a parameter. Encryption passphrase is
stored in kubernetes secrets per StorageClass. Implements rbd volume
encryption relying on dm-crypt and cryptsetup using LUKS extension

The change is related to proposal made earlier. This is a first part of
the full feature that adds encryption with passphrase stored in secrets.

Signed-off-by: Vasyl Purchel vasyl.purchel@workday.com
Signed-off-by: Andrea Baglioni andrea.baglioni@workday.com
Signed-off-by: Ioannis Papaioannou ioannis.papaioannou@workday.com
Signed-off-by: Paul Mc Auley paul.mcauley@workday.com
Signed-off-by: Sergio de Carvalho sergio.carvalho@workday.com

examples/rbd/secret.yaml

@@ -10,3 +10,6 @@ stringData:
   # specified in the storage class
   userID: <plaintext ID>
   userKey: <Ceph auth key corresponding to ID above>
+
+  # Encryption passphrase
+  encryptionPassphrase: test_passphrase

examples/rbd/storageclass.yaml

@@ -38,6 +38,11 @@ parameters:
    csi.storage.k8s.io/fstype: ext4
    # uncomment the following to use rbd-nbd as mounter on supported nodes
    # mounter: rbd-nbd
+
+   # Instruct the plugin it has to encrypt the volume
+   # By default it is disabled. Valid values are “true” or “false”.
+   # A string is expected here, i.e. “true”, not true.
+   # encrypted: "true"
 reclaimPolicy: Delete
 allowVolumeExpansion: true
 mountOptions: