-
Notifications
You must be signed in to change notification settings - Fork 13
feat: add support for CSI volumes encryption and extraParams. #100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add support for CSI volumes encryption and extraParams. #100
Conversation
c192052
to
9d6c1e9
Compare
Many thanks @mlinares1998! That looks great! 🙂 Do you think it could be extended to support multiple storage classes? |
Hi!! @M4t7e Thanks for your review! |
Exactly, that’s what I meant. I can imagine users wanting different storage classes for various use cases. |
Hi! @M4t7e any updates on this? |
- Add new variable hcloud_csi_volume_extra_labels to configure default labels for all newly created volumes - Add example configuration showing how to use volume extra labels This feature is available in Hcloud CSI chart version 2.14+ and allows users to automatically apply custom labels to all volumes created by the CSI driver, useful for environment tagging, team assignment, and backup policies.
Hi @M4t7e! Regards! |
I’d like to merge it soon. I’ve been thinking about this issue and plan to make some adjustments to how storage classes are configured after this is merged. Could you please resolve the conflicts? |
Hi! @M4t7e |
Hi! 👋
I'm currently using the module to evaluate a potential production cluster, and it's been working fantastically so far!
Great job to everyone involved!
Given the module’s emphasis on encryption by default, I believe it's important to also support encryption at the storage level for block volumes.
This PR introduces support for enabling CSI volume encryption during cluster provisioning, using either a randomly generated or a fixed LUKS2 passphrase.
Additionally, it introduces the ability to define extra parameters in the default StorageClass, in line with the Hetzner CSI driver documentation.
Example
kubernetes.tf
snippet:This is my first contribution to the module, i hope it aligns with the project's standards.
Looking forward to your feedback!
Best regards,
Reference:
https://github.com/hetznercloud/csi-driver/tree/main/docs/kubernetes#volumes-encrypted-with-luks https://github.com/hetznercloud/csi-driver/tree/main/docs/kubernetes#formatting-options