[csi-cinder-plugin] Support volume basic encryption #2524
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/rotten
Denotes an issue or PR that has aged beyond stale and will be auto-closed.
/kind feature
What happened:
Currently volumes can be encrypted if the required features are set up in OpenStack (and the Volume Type defined at the
StorageClass
is correct) but the user of ancsi-cinder-plugin
deployment does not know if thePersistentVolume
is really encrypted or not from within k8s.What you expected to happen:
This feature request is most likely one of two requesting support to set a parameter at the
StorageClass
to validate if volumes created are flagged asencrypted
in the API response.How to reproduce it:
Create a
pvc
for astorageclass
namedencryptedvolume
without the correct Volume Type (defaultLUKS
) set. Volume will not be encrypted but handled correctly by the CSI driver. With theencrypted
parameter set (if PR is accepted) an error will be showed that the volume should be encrypted but is not at the block storage layer.Anything else we need to know?:
Another issue will be created that requests support "bring your own key" approach to both OpenStack and the CSI driver. It's part of an effort to enhance the encryption support in OpenStack and k8s as part of the Sovereign Cloud Stack. I'll reach out to OpenStack for that first and create another PR once support is implemented.
The text was updated successfully, but these errors were encountered: