majst01
left a comment
first small improvements
Co-authored-by: Stefan Majer <stefan.majer@gmail.com>
Gerrit91
left a comment
Cool. Not an expert on this, but looks pretty good from the code perspective.
ostempel
left a comment
Really nice feature. Have some feedback for you
…ntLV() don't need to construct one
Thank you very much! I will take a look this week.
Great feature! 🚀
Just small nitpicks for the testing.
Here we can remove the creation and deletion of the encrypted-linear storageclass since it already is deployed through the helm-chart and its custom values.yaml
Other than this we can merge.
Also would be really happy if you add this feature to the associated gardener-extension-csi-driver-lvm
PR should be complete now. I will take a look at the gardener-extension-csi-driver-lvm - no promises... Do you want encryption to be an Opt-In setting or shall we enable it by default?
I'd say we should go for opt-in setting in the extension. Higher-level APIs can still implement a different defaulting.
I have committed metal-stack/gardener-extension-csi-driver-lvm#25 now.
| apiVersion: storage.k8s.io/v1 | ||
| kind: StorageClass | ||
| metadata: | ||
| name: csi-driver-lvm-linear-encrypted | ||
| parameters: | ||
| type: linear | ||
| encryption: "true" | ||
| csi.storage.k8s.io/node-stage-secret-name: csi-lvm-encryption-secret | ||
| csi.storage.k8s.io/node-stage-secret-namespace: default | ||
| provisioner: lvm.csi.metal-stack.io | ||
| allowVolumeExpansion: true | ||
| reclaimPolicy: Delete | ||
| volumeBindingMode: WaitForFirstConsumer |
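Review bot: `csi.storage.k8s.io/node-stage-secret-namespace: default` pins the secret named in `node-stage-secret-name` to the `default` namespace, which commonly hosts unrelated workloads and is a poor home for volume-encryption key material. Suggest pointing the example at a dedicated namespace where read access to secrets is limited to the CSI node plugin, and stating next to the manifest that `csi-lvm-encryption-secret` has to exist in that namespace before a volume of this class is staged.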
I think this file also can be removed. After that I'm happy to merge
Description
This PR adds LUKS2 encryption support for volumes (raw block and filesystem).
The test framework has been extended and all tests pass in a local test run.
Closes #29.