- Feature
- Resolution: Done
- Major
While this one might not need TE (it's hard to say), I am marking it for now, as we still have work to do with KMS that customers may have questions about.
Feature Overview (aka. Goal Summary)
Support data encryption at rest with LVM Storage by leveraging LVM mechanisms.
Goals (aka. expected user outcomes)
Provide a way to encrypt data being stored on PVs provided by LVM Storage so that the customer data is protected against theft of the device.
Requirements (aka. Acceptance Criteria):
- Provide a basic encryption-at-rest capability using LVM / LUKS.
- Store the encryption key in a k8s secret.
- Unattended unlocking.
- Encryption at the storage/node layer (i.e. the VG) is good enough. Encryption at the PV / PVC layer might also be an option.
- AI integration (e.g. provide a checkbox "Encrypt storage", as it provides for the OS disk).
Use Cases (Optional):
Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.
As an administrator, I want to use encryption at rest on my SNO clusters, so that I can sleep well if a disk is stolen from an edge device.
Questions to Answer (Optional):
- What can we reuse (patterns, mechanisms) from existing solutions (e.g. OCP full disk encryption of the OS disk, or ODF encryption)?
A: We can reuse the mechanism used in Ceph, i.e. provide encryption at rest using LUKS with an encryption passphrase stored in a k8s secret.
- Where do we store the encryption keys?
A: In a k8s secret. We can extend it to any KMS system by implementing an interface in a later release.
Out of Scope
- key recovery procedures
- key rotation / replacement procedures
Background
Every storage solution should provide encryption capabilities.
Customer Considerations
Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.
Should be simple to configure and use.
Documentation Considerations
Provide information that needs to be considered and planned so that documentation will meet customer needs. Initial completion during Refinement status.
Interoperability Considerations
Which other projects and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.