dashboard icon indicating copy to clipboard operation
dashboard copied to clipboard

Published 20 hours ago verified publisher icon gardener

Support specify encrypted flag for system volume setting

Open jia-jerry opened this issue 4 years ago • 2 comments

What would you like to be added: AliCloud shoot supports encrypted disk now. We need to adopt the change in Dashboard. See Alicloud user manual. or example shoot

We have 2 options:

  1. Expose a configuration in the Dashboard UI for AliCloud only( for now).
  2. Create a shoot with encrypted flag in volume segment in shoot manifest. But this could be a bug because encrypted=true only works with customized image(Gardenlinux). This might bring some issue to other community users who are using public image(ubuntu).

I would suggest option 1.

Why is this needed: Enable user to create node with system disk encrypted.

jia-jerry avatar Jul 06 '21 15:07 jia-jerry

so for option 1 the checkbox to enable encryption should only be selectable if gardenlinux is selected?

petersutter avatar Jul 07 '21 07:07 petersutter

Hmm, that is also OK. Or how about we take option 2, let's enable encrypted=true for Gardenlinux by default? For other cases, just set the value as false

jia-jerry avatar Jul 07 '21 15:07 jia-jerry

Hi. @jia-jerry, I had a chat with @rfranzke about this. As there is currently no way for the dashboard to determine which infrastructure / machine type / image combination supports encryption, the flag should be defaulted by the infrastructure extension provider. AWS for example, defaults the encryption flag to true (for all supported scenarios). I think, you should do the same for alicloud, meaning that you default it to true in case gardenlinux is selected (or in whatever other case this is supported). If this is ok for you, please close the ticket.

grolu avatar Sep 13 '22 07:09 grolu