mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-30 17:00:23 +00:00
166eaf700f
Adds encryption in StorageClass as a parameter. Encryption passphrase is stored in kubernetes secrets per StorageClass. Implements rbd volume encryption relying on dm-crypt and cryptsetup using LUKS extension

The change is related to proposal made earlier. This is a first part of the full feature that adds encryption with passphrase stored in secrets.

Signed-off-by: Vasyl Purchel vasyl.purchel@workday.com
Signed-off-by: Andrea Baglioni andrea.baglioni@workday.com
Signed-off-by: Ioannis Papaioannou ioannis.papaioannou@workday.com
Signed-off-by: Paul Mc Auley paul.mcauley@workday.com
Signed-off-by: Sergio de Carvalho sergio.carvalho@workday.com
16 lines
418 B
YAML
---
apiVersion: v1
kind: Secret
metadata:
  name: csi-rbd-secret
  namespace: default
stringData:
  # Key values correspond to a user name and its key, as defined in the
  # ceph cluster. User ID should have required access to the 'pool'
  # specified in the storage class
  userID: <plaintext ID>
  userKey: <Ceph auth key corresponding to ID above>

  # Encryption passphrase
  encryptionPassphrase: test_passphrase