docker-archive / for-aws


Cloudstor support for encrypted EBS volumes #159

Open sayeaud opened 6 years ago

sayeaud commented 6 years ago

Expected behavior

When defining the Cloudstor options for an EBS volume it would be really useful to be able to specify that a volume should be encrypted, and (optionally) which KMS key to use.

Actual behavior

There are no options to enable encryption of EBS volumes via the Cloudstor plugin.

Information

We're running Kafka on Docker for AWS with a requirement for the data volumes being used for Kafka to be encrypted. Prior to the encryption requirement we were using EBS volumes for Kafka (via the Cloudstor plugin) and our Kafka cluster was rock solid. We tried the encrypted EFS option for Kafka, however the EFS and Kafka combination (with or without encryption) negatively impacted the stability of our Kafka cluster.

We were able to get encrypted EBS volumes working through Cloudstor by first letting Cloudstor create the non-encrypted EBS volumes, removing the Kafka service from the Swarm, manually creating encrypted EBS volumes with exactly the same properties and tags as the EBS volumes created by Cloudstor, deleting the EBS volumes created by Cloudstor, then re-deploying our Kafka service to the Swarm.

We would ❤️ if we didn't have to do this manual step for each volume.
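The manual replacement step described in the issue above can be scripted. The following is an added example, not part of the original thread and not Cloudstor code: it maps an existing volume's description to a request for an encrypted volume with the same properties and tags, then checks the result. The dicts use the EC2 DescribeVolumes and CreateVolume field names; the tag names, volume ID and key ID are constructed placeholders, and no data is copied between volumes.

```python
# Added example (not Cloudstor code). Dicts follow the EC2 DescribeVolumes and
# CreateVolume field names; no AWS call is made here.
IOPS_TYPES = {"io1", "io2", "gp3"}  # CreateVolume rejects Iops for other types


def user_tags(volume):
    """Tags that can be re-applied; keys starting with 'aws:' are reserved."""
    return {t["Key"]: t["Value"] for t in volume.get("Tags", [])
            if not t["Key"].startswith("aws:")}


def encrypted_volume_request(volume, kms_key_id=None):
    """Map one DescribeVolumes entry to CreateVolume parameters, encryption on."""
    vtype = volume["VolumeType"]
    params = {"AvailabilityZone": volume["AvailabilityZone"],
              "Size": volume["Size"], "VolumeType": vtype, "Encrypted": True}
    if kms_key_id:  # when omitted, the account's default EBS KMS key is used
        params["KmsKeyId"] = kms_key_id
    if vtype in IOPS_TYPES and "Iops" in volume:
        params["Iops"] = volume["Iops"]
    if vtype == "gp3" and "Throughput" in volume:
        params["Throughput"] = volume["Throughput"]
    tags = [{"Key": k, "Value": v} for k, v in user_tags(volume).items()]
    if tags:
        params["TagSpecifications"] = [{"ResourceType": "volume", "Tags": tags}]
    return params


def mismatches(source, created, kms_key_id=None):
    """Return the fields that make the replacement volume unsuitable."""
    problems = []
    if not created.get("Encrypted"):
        problems.append("Encrypted")
    # DescribeVolumes reports the key as an ARN; assumes kms_key_id is a key ID or ARN.
    if kms_key_id and not created.get("KmsKeyId", "").endswith(kms_key_id):
        problems.append("KmsKeyId")
    for field in ("AvailabilityZone", "Size", "VolumeType"):
        if source.get(field) != created.get(field):
            problems.append(field)
    if user_tags(source) != user_tags(created):
        problems.append("Tags")
    return problems


# Constructed sample: a gp2 volume with placeholder tag names and IDs.
SAMPLE = {"VolumeId": "vol-0example", "AvailabilityZone": "us-east-1a", "Size": 100,
          "VolumeType": "gp2", "Iops": 300, "Encrypted": False,
          "Tags": [{"Key": "example-cloudstor-tag", "Value": "kafka-data-1"},
                   {"Key": "aws:cloudformation:stack-name", "Value": "example"}]}

if __name__ == "__main__":
    print(encrypted_volume_request(SAMPLE, kms_key_id="EXAMPLE-KEY-ID"))
```

The returned dict can be passed as keyword arguments to boto3's `ec2.create_volume`, and `mismatches` run on the new volume's DescribeVolumes entry before the original is deleted.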

hatched-DavidMichon commented 6 years ago

Indeed, it's a must-have in my opinion.

gvdmarck commented 5 years ago

Any news on this? What is the status of Cloudstor anyway? Is it still maintained? If not, it will be useful to at least know what the plans of the Docker team are.