feat: add support for CSI volumes encryption and extraParams.

[mlinares1998]

Hi! 👋

I'm currently using the module to evaluate a potential production cluster, and it's been working fantastically so far!
Great job to everyone involved!

Given the module’s emphasis on encryption by default, I believe it's important to also support encryption at the storage level for block volumes.

This PR introduces support for enabling CSI volume encryption during cluster provisioning, using either a randomly generated or a fixed LUKS2 passphrase.

Additionally, it introduces the ability to define extra parameters in the default StorageClass, in line with the Hetzner CSI driver documentation.

Example kubernetes.tf snippet:

# Enable the HCloud CSI driver
hcloud_csi_enabled = true

# Enable volume encryption; a 32-byte random passphrase is generated by default
hcloud_csi_storage_class_encryption_enabled = true

# Optionally, specify your own encryption key
hcloud_csi_storage_class_encryption_key = "passphrase"

# Define additional StorageClass parameters
hcloud_csi_storage_class_extra_parameters = {
  "csi.storage.k8s.io/fstype" = "xfs"
  "fsFormatOption"            = "-i nrext64=1"
}

This is my first contribution to the module, i hope it aligns with the project's standards.
Looking forward to your feedback!

Best regards,

Reference:
https://github.com/hetznercloud/csi-driver/tree/main/docs/kubernetes#volumes-encrypted-with-luks https://github.com/hetznercloud/csi-driver/tree/main/docs/kubernetes#formatting-options

[M4t7e]

Many thanks @mlinares1998! That looks great! 🙂

Do you think it could be extended to support multiple storage classes?

[mlinares1998]

Many thanks @mlinares1998! That looks great! 🙂

Do you think it could be extended to support multiple storage classes?

Hi!! @M4t7e Thanks for your review!
What do you mean exactly?
Allowing to define multiple storage classes within the module along the default one?

[M4t7e]

Allowing to define multiple storage classes within the module along the default one?

Exactly, that’s what I meant. I can imagine users wanting different storage classes for various use cases.

[mlinares1998]

@M4t7e
I've added in 13f0102 support for defining additional StorageClasses alongside the default one.
Additionally, it's now possible to configure the reclaimPolicy for the default StorageClass as well 😄

[mlinares1998]

Hi! @M4t7e any updates on this?
Regards! 😄

[mlinares1998]

Hi @M4t7e!
I have updated the PR with the changes from another branch.
It adds support for the extra volume labels from HCloud CSI 2.14+ to add default labels to all the PVs.
It's really useful in accounts with multiple clusters.

Regards!

[M4t7e]

I’d like to merge it soon. I’ve been thinking about this issue and plan to make some adjustments to how storage classes are configured after this is merged. Could you please resolve the conflicts?

[mlinares1998]

Hi! @M4t7e
I have fixed the conflicts.
Tell me if you need other changes!
Regards! 😄