mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-20 20:10:22 +00:00
419ad0dd8e
- adds proposal document for PVC encryption from PR448 - adds per-volume encription by generating encryption passphrase for each volume and storing it in a KMS - adds HashiCorp Vault integration as a KMS for encryption passphrases - avoids encrypting volume second time if it was already encrypted but no file system created - avoids unnecessary checks if volume is a mapped device when encryption was not requested - prevents resizing encrypted volumes (it is not currently supported) - prevents creating snapshots from encrypted volumes to prevent attack on encryption key (security guard until re-encryption of volumes implemented) Signed-off-by: Vasyl Purchel vasyl.purchel@workday.com Signed-off-by: Andrea Baglioni andrea.baglioni@workday.com Fixes #420 Fixes #744 |
||
---|---|---|
.. | ||
_helpers.tpl | ||
csidriver-crd.yaml | ||
csiplugin-configmap.yaml | ||
encryptionkms-configmap.yaml | ||
nodeplugin-clusterrole.yaml | ||
nodeplugin-clusterrolebinding.yaml | ||
nodeplugin-daemonset.yaml | ||
nodeplugin-grpc-service.yaml | ||
nodeplugin-http-service.yaml | ||
nodeplugin-psp.yaml | ||
nodeplugin-role.yaml | ||
nodeplugin-rolebinding.yaml | ||
nodeplugin-rules-clusterrole.yaml | ||
nodeplugin-serviceaccount.yaml | ||
NOTES.txt | ||
provisioner-clusterrole.yaml | ||
provisioner-clusterrolebinding.yaml | ||
provisioner-deployment.yaml | ||
provisioner-grpc-service.yaml | ||
provisioner-http-service.yaml | ||
provisioner-psp.yaml | ||
provisioner-role.yaml | ||
provisioner-rolebinding.yaml | ||
provisioner-rules-clusterrole.yaml | ||
provisioner-serviceaccount.yaml |