Describe the feature you'd like to have.
Encrypted PV with the key managed in Kubernetes
What is the value to the end user? (why is it a priority?)
If there is a container escape on a node, only volumes required by pods running on that node will be exposed as the keys for any other volumes would not be accessible. In addition even if the gluster server were compromised, only encrypted data would be available.
How will we know we have a good solution? (acceptance criteria)
A PV can be created with an encrypted flag and the resulting data is stored encrypted on the gluster server
Additional context
An attempt was made in kubernetes/kubernetes#28454
Describe the feature you'd like to have. Encrypted PV with the key managed in Kubernetes
What is the value to the end user? (why is it a priority?) If there is a container escape on a node, only volumes required by pods running on that node will be exposed as the keys for any other volumes would not be accessible. In addition even if the gluster server were compromised, only encrypted data would be available.
How will we know we have a good solution? (acceptance criteria) A PV can be created with an encrypted flag and the resulting data is stored encrypted on the gluster server
Additional context An attempt was made in kubernetes/kubernetes#28454