mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
doc: Add encryptionType to RBD parameters list
Add the new parameter encryptionType and a hint to the encrypted parameter that RBD now supports fscrypt on ext4 as an alternative encryption scheme. Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
This commit is contained in:
parent
f003c37b21
commit
6881b3ad3d
@ -52,7 +52,7 @@ make image-cephcsi
|
|||||||
**Available volume parameters:**
|
**Available volume parameters:**
|
||||||
|
|
||||||
| Parameter | Required | Description |
|
| Parameter | Required | Description |
|
||||||
| --------------------------------------------------------------------------------------------------- | -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|-----------------------------------------------------------------------------------------------------|----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||||
| `clusterID` | yes | String representing a Ceph cluster, must be unique across all Ceph clusters in use for provisioning, cannot be greater than 36 bytes in length, and should remain immutable for the lifetime of the Ceph cluster in use |
|
| `clusterID` | yes | String representing a Ceph cluster, must be unique across all Ceph clusters in use for provisioning, cannot be greater than 36 bytes in length, and should remain immutable for the lifetime of the Ceph cluster in use |
|
||||||
| `pool` | yes | Ceph pool into which the RBD image shall be created |
|
| `pool` | yes | Ceph pool into which the RBD image shall be created |
|
||||||
| `dataPool` | no | Ceph pool used for the data of the RBD images. |
|
| `dataPool` | no | Ceph pool used for the data of the RBD images. |
|
||||||
@ -65,8 +65,9 @@ make image-cephcsi
|
|||||||
| `csi.storage.k8s.io/provisioner-secret-name`, `csi.storage.k8s.io/node-stage-secret-name` | yes (for Kubernetes) | name of the Kubernetes Secret object containing Ceph client credentials. Both parameters should have the same value |
|
| `csi.storage.k8s.io/provisioner-secret-name`, `csi.storage.k8s.io/node-stage-secret-name` | yes (for Kubernetes) | name of the Kubernetes Secret object containing Ceph client credentials. Both parameters should have the same value |
|
||||||
| `csi.storage.k8s.io/provisioner-secret-namespace`, `csi.storage.k8s.io/node-stage-secret-namespace` | yes (for Kubernetes) | namespaces of the above Secret objects |
|
| `csi.storage.k8s.io/provisioner-secret-namespace`, `csi.storage.k8s.io/node-stage-secret-namespace` | yes (for Kubernetes) | namespaces of the above Secret objects |
|
||||||
| `mounter` | no | if set to `rbd-nbd`, use `rbd-nbd` on nodes that have `rbd-nbd` and `nbd` kernel modules to map rbd images |
|
| `mounter` | no | if set to `rbd-nbd`, use `rbd-nbd` on nodes that have `rbd-nbd` and `nbd` kernel modules to map rbd images |
|
||||||
| `encrypted` | no | disabled by default, use `"true"` to enable LUKS encryption on PVC and `"false"` to disable it. **Do not change for existing storageclasses** |
|
| `encrypted` | no | disabled by default, use `"true"` to enable either LUKS or fscrypt encryption on PVC and `"false"` to disable it. **Do not change for existing storageclasses** |
|
||||||
| `encryptionKMSID` | no | required if encryption is enabled and a kms is used to store passphrases |
|
| `encryptionKMSID` | no | required if encryption is enabled and a kms is used to store passphrases |
|
||||||
|
| `encryptionType` | no | Either `block` or `file`. If unset or `block` use LUKS block device encryption. If `file` use ext4 fscrypt to encrypt on the file system level (requires kernel support). |
|
||||||
| `stripeUnit` | no | stripe unit in bytes |
|
| `stripeUnit` | no | stripe unit in bytes |
|
||||||
| `stripeCount` | no | objects to stripe over before looping |
|
| `stripeCount` | no | objects to stripe over before looping |
|
||||||
| `objectSize` | no | object size in bytes |
|
| `objectSize` | no | object size in bytes |
|
||||||
|
Loading…
Reference in New Issue
Block a user