Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ZFSPV): adding encryption in ZFSVolume CR #6

Merged
merged 4 commits into from
Oct 15, 2019
Merged

feat(ZFSPV): adding encryption in ZFSVolume CR #6

merged 4 commits into from
Oct 15, 2019

Conversation

pawanpraka1
Copy link
Contributor

@pawanpraka1 pawanpraka1 commented Sep 25, 2019
edited by kmova
Loading

Also adding support to inherit the properties from ZPOOL
which are not listed in the storage class, ZFS driver will
not pass default values while creating the volume. Those
properties will be inherited from the ZPOOL.

we can use the encryption option in storage class

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: openebs-zfspv
allowVolumeExpansion: true
parameters:
  blocksize: "4k"
  compression: "on"
  dedup: "on"
  thinprovision: "yes"
  encryption: "on"
  keyformat: "raw"
  keylocation: "file:///home/keys/key"
  poolname: "zfspv-pool"
provisioner: openebs.io/zfs

Just a note, the key file should be mounted inside the node-agent container so that we can use that file while provisioning the volume. keyformat can be raw, hex or passphrase.

Signed-off-by: Pawan pawan@mayadata.io

@pawanpraka1
feat(ZFSPV): adding encryption in ZFSVolume CR
2cea8de 
Also adding support to inherit the properties from ZPOOL
which are not listed in the storage class, ZFS driver will
not pass default values while creating the volume. Those
properties will be inherited from the ZPOOL.

Signed-off-by: Pawan <pawan@mayadata.io>
@codecov-io
Copy link

codecov-io commented Sep 25, 2019
edited
Loading

Codecov Report

Merging #6 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master       #6   +/-   ##
=======================================
  Coverage   89.55%   89.55%           
=======================================
  Files           1        1           
  Lines          67       67           
=======================================
  Hits           60       60           
  Misses          7        7

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3788872...963343e. Read the comment docs.

@pawanpraka1
feat(zfspv): adding keyformat and keylocation for encryption
18e825a 
Signed-off-by: Pawan <pawan@mayadata.io>
@pawanpraka1
sample fio yaml
65798a1 
Signed-off-by: Pawan <pawan@mayadata.io>
@pawanpraka1
adding dummy key location
963343e 
Signed-off-by: Pawan <pawan@mayadata.io>
@kmova kmova merged commit 0218dac into openebs:master Oct 15, 2019
@pawanpraka1 pawanpraka1 deleted the encryption branch October 16, 2019 06:42
@kmova kmova added this to the v0.1.0 milestone Nov 8, 2019
@ptthon
Copy link

ptthon commented May 6, 2022
edited
Loading

I have the secret key file on all nodes of /home/keys , but create volume failt

the err is:
zfs.csi.openebs.io_openebs-zfs-controller-0_5028c459-a44a-4063-9e5b-60efc06d2281 failed to provision volume with StorageClass "openebs-zfspv-enc": rpc error: code = Internal desc = not able to provision the volume, nodes [master3], err : zfs: volume creation failed

@pawanpraka1
Copy link
Contributor Author

@ptthon please raise an issue for this. Also please upload the node agent logs.

@ptthon ptthon mentioned this pull request May 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmova kmova kmova approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@pawanpraka1 @codecov-io @ptthon @kmova