Documentation
Search...
CTRL K
Documentation home
Guides
Storage - Encryption at rest

Storage - Encryption at rest

Contributed by: Ville Vesilehto

All block storage devices created by the CSI driver can be optionally encrypted at rest.
Encryption support was added to CSI driver in version v1.1.0.

Encryption at rest can be enabled by defining encryption parameter in storage class

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: upcloud-encrypted-block-storage
  namespace: kube-system
parameters:
  tier: maxiops
  encryption: data-at-rest
provisioner: storage.csi.upcloud.com

Once defined, use newly created storage class with storage that you want to encrypt

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: csi-pvc-encrypted
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: upcloud-encrypted-block-storage

Can't find what you're looking for?

For more help you can contact our awesome 24/7 support team"

Contact Support

  • Search documentation
to select
to navigate
ESC to close