Azure / karpenter-provider-azure

AKS Karpenter Provider
Apache License 2.0

Support Disk Encryption Set for Node OS Disks #268

Open iamvighnesh opened 5 months ago

iamvighnesh commented 5 months ago

Tell us about your request

The users are requesting support for Disk Encryption Sets for Node OS Disks on Karpenter-managed nodes.

Here's the existing feature for AKS managed nodes with Disk Encryption Set for Node OS Disks.

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

The users do not have a way to provide a customer-managed key for encrypting the node OS disk and would like the ability to supply customer-managed keys to use for encryption at rest for both the OS for Karpenter-managed nodes.

Are you currently working around this issue?

No workaround is available for this right now.

Additional Context

Attachments

No response


tallaxes commented 5 months ago

This is currently not supported. The first step would be to enable disk encryption with managed keys by default, which is what AKS does. Next step would be support for BYOK.

iamvighnesh commented 5 months ago

@tallaxes Would you like me to create a separate issue for Disk Encryption using platform-managed keys?

I am happy to pick this up and work on both the features.

tallaxes commented 5 months ago

Good idea, and appreciate the offer of help! Let me dig a little bit into the differences between this (server-side encryption) and host-based encryption, to see how to break this down best - and maybe set priorities.

iamvighnesh commented 1 month ago

@tallaxes @Bryce-Soghigian Let me know if you would like me to split this into two: Disk Encryption and Host Encryption.

Happy to pick either.