Commit Graph

114 Commits

Author SHA1 Message Date
Vasyl Purchel
419ad0dd8e Adds per volume encryption with Vault integration
- adds proposal document for PVC encryption from PR448
- adds per-volume encription by generating encryption passphrase
  for each volume and storing it in a KMS
- adds HashiCorp Vault integration as a KMS for encryption passphrases
- avoids encrypting volume second time if it was already encrypted but
  no file system created
- avoids unnecessary checks if volume is a mapped device when encryption
  was not requested
- prevents resizing encrypted volumes (it is not currently supported)
- prevents creating snapshots from encrypted volumes to prevent attack
  on encryption key (security guard until re-encryption of volumes
  implemented)

Signed-off-by: Vasyl Purchel vasyl.purchel@workday.com
Signed-off-by: Andrea Baglioni andrea.baglioni@workday.com

Fixes #420
Fixes #744
2020-02-05 05:18:56 +00:00
Oguz Kilcan
aadce54b2f Added PodSecurityPolicy support 2020-01-22 08:19:42 +00:00
wilmardo
f04af5742d refact: Remove Kubernetes 1.13.x support
Signed-off-by: wilmardo <info@wilmardenouden.nl>
2020-01-20 10:32:30 +00:00
Wong Hoi Sing Edison
543360ee00 Upgrade: csi-attacher from v1.2.0 to v2.1.0
See https://github.com/kubernetes-csi/external-attacher/releases/tag/v2.1.0
See https://github.com/kubernetes-csi/external-attacher/blob/v2.1.0/CHANGELOG-2.1.md
2020-01-07 14:27:29 +00:00
Chin-Ya Huang
47f89889ef Fix typo for comment in charts
* ceph-csi-cephfs
* ceph-csi-rbd

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2020-01-07 07:52:32 +00:00
Wong Hoi Sing Edison
202a2a7200 Upgrade: csi-snapshotter from v1.2.1 to v1.2.2
See https://github.com/kubernetes-csi/external-snapshotter/releases/tag/v1.2.2
See https://github.com/kubernetes-csi/external-snapshotter/blob/v1.2.2/CHANGELOG-1.2.md
2020-01-06 12:36:44 +00:00
Wong Hoi Sing Edison
f37bdfdd44 Upgrade: csi-node-driver-registrar from v1.1.0 to v1.2.0
See https://github.com/kubernetes-csi/node-driver-registrar/releases/tag/v1.2.0
See https://github.com/kubernetes-csi/node-driver-registrar/blob/v1.2.0/CHANGELOG-1.2.md
2020-01-06 07:48:41 +00:00
Madhu Rajanna
4d28a981fc Remove hard-coded UpdateStrategy from templates
Provided an option to specify the UpdateStrategy
in helm  charts.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2020-01-05 08:05:06 +00:00
Wong Hoi Sing Edison
74cb18bd28 Upgrade: csi-resizer from v0.3.0 to v0.4.0
See https://github.com/kubernetes-csi/external-resizer/releases/tag/v0.4.0
See https://github.com/kubernetes-csi/external-resizer/blob/v0.4.0/CHANGELOG-0.4.md
2020-01-05 07:21:12 +00:00
Wong Hoi Sing Edison
3e656769b7 Update csi-provisioner from v1.3.0 to v1.4.0
See https://github.com/kubernetes-csi/external-provisioner/releases/tag/v1.4.0
See https://github.com/kubernetes-csi/external-provisioner/blob/v1.4.0/CHANGELOG-1.4.md
2020-01-02 15:53:07 +00:00
Humble Chirammal
7e59c0ed78 Change deployment artifacts for RBD resizer
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-12-13 12:40:12 +00:00
Humble Chirammal
ac09c5553c Add E2E for cephfs resize functionality
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-11-27 14:00:47 +00:00
Humble Chirammal
daad8070ac Add resize side car to helm charts
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-11-27 14:00:47 +00:00
wilmardo
6ee381db3a refactor: Merge 1.13 and 1.14 Helm charts and improve charts
Signed-off-by: wilmardo <info@wilmardenouden.nl>
2019-09-27 05:49:18 +00:00