travisn
commented
3 years ago Is this a request for the rook-nfs operator? If so, any solution would not be specific to ceph since any store can back the nfs server.
Or is this request is for rook-ceph using the CephNFS CRD, please open this issue in the rook/rook repo.
Is this a bug report or feature request?
What should the feature do: Based on - Starting NFS-V4, encryption of in-flight data is supported using TLS. NFS 4.1 supports the Kerberos authentication protocol to secure communications with the NFS server. Nonroot users can access files when Kerberos is used. Kerberos supports cryptographic algorithms that prevent unauthorized users from gaining access to NFS traffic.
Rook-ceph should also provide the data-in-transit encryption for NFS.
What is use case behind this feature: This bring security to data in transit in NFS provided by rook-ceph