gluster-csi-driver icon indicating copy to clipboard operation
gluster-csi-driver copied to clipboard

Published 20 hours ago verified publisher icon gluster

Per volume encryption

Open jimmyjones2 opened this issue 5 years ago • 0 comments

Describe the feature you'd like to have. Encrypted PV with the key managed in Kubernetes

What is the value to the end user? (why is it a priority?) If there is a container escape on a node, only volumes required by pods running on that node will be exposed as the keys for any other volumes would not be accessible. In addition even if the gluster server were compromised, only encrypted data would be available.

How will we know we have a good solution? (acceptance criteria) A PV can be created with an encrypted flag and the resulting data is stored encrypted on the gluster server

Additional context An attempt was made in kubernetes/kubernetes#28454

jimmyjones2 avatar Feb 15 '19 21:02 jimmyjones2