Closed nickumia-reisys closed 2 years ago
I'm pretty sure that the EBS volume we're seeing here is the volume attached to the managed-node group EC2 instance. We are not setting any parameters that we could be to ensure MNGs use encrypted volumes by default. In other words this is unrelated to the PVC/CSI work we did recently.
EKS Brokerpak v2.3.2+
How to reproduce
Expected behavior
All Volumes are encrypted.
Actual behavior
New volumes using our custom
ebs-sc
(ebs storage class) are encrypted. (This was verified in https://github.com/GSA/datagov-deploy/issues/3683) However, during startup there is a volume that mysteriously gets created and is not encrypted.Sketch