upmc-enterprises / elasticsearch-operator

manages elasticsearch clusters

Encrypted Volumes for Statefulsets #134

Open ethanwinograd opened 6 years ago

ethanwinograd commented 6 years ago

We are running on v0.0.7 of the operator.

Do you know where a change would need to be made so that the EBS volumes get created as encrypted volumes?

stevesloka commented 6 years ago

Volume encryption is based upon the storage class. The operator-created classes should default to set the encrypted flag, but if you provide your own, you'd need to set the same.

ethanwinograd commented 6 years ago

So it would be in this file? https://github.com/upmc-enterprises/elasticsearch-operator/blob/v0.0.7/pkg/k8sutil/storage.go

stevesloka commented 6 years ago

Yeah should be in that file but I don't see it. May have found an issue with this. Let me spin up a new cluster and validate.

ethanwinograd commented 6 years ago

We were able to get encrypted volumes using the 0.07 version of the operator as follows.

  1. Create a storage class with encrypted=true called "es-storageclass"

    kind: StorageClass
    apiVersion: storage.k8s.io/v1beta1
    metadata:
      name: es-storageclass
    provisioner: kubernetes.io/aws-ebs
    parameters:
      type: gp2
      encrypted: "true"

  2. Edit the es-cluster.json with the following

    
    "storage": {
      "storage-class": "es-storageclass"
    },

and

    "zones": ["es-storageclass"],

This had the desired effect of creating the statefulsets in the available zones for the account we were operating on.
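Added example, not part of the thread or the operator's code: a check that flags PersistentVolumeClaims provisioned from EBS storage classes that do not set `encrypted: "true"`, which is the case the thread is about when a class is supplied by hand. The function names, the `legacy-gp2` class and the claim names are assumptions made for illustration; `ebs.csi.aws.com` (the EBS CSI driver) is checked alongside the `kubernetes.io/aws-ebs` provisioner shown above.

```python
# Looks only at StorageClass parameters, not at account-level EBS encryption defaults.
EBS_PROVISIONERS = {"kubernetes.io/aws-ebs", "ebs.csi.aws.com"}
LEGACY_CLASS_ANNOTATION = "volume.beta.kubernetes.io/storage-class"


def unencrypted_ebs_classes(storageclass_list):
    """Names of EBS-backed StorageClasses whose parameters lack encrypted: "true"."""
    weak = set()
    for sc in storageclass_list.get("items", []):
        if sc.get("provisioner") in EBS_PROVISIONERS:
            params = sc.get("parameters") or {}
            # Parameter values are strings, so compare text rather than a boolean.
            if str(params.get("encrypted", "")).lower() != "true":
                weak.add(sc["metadata"]["name"])
    return weak


def pvc_class(pvc):
    """Class a claim requests: spec.storageClassName, else the legacy beta annotation."""
    annotations = pvc["metadata"].get("annotations") or {}
    return pvc.get("spec", {}).get("storageClassName") or annotations.get(LEGACY_CLASS_ANNOTATION)


def audit(storageclass_list, pvc_list):
    """Sorted (namespace, claim, class) tuples for claims on unencrypted EBS classes."""
    weak = unencrypted_ebs_classes(storageclass_list)
    return sorted(
        (p["metadata"].get("namespace", "default"), p["metadata"]["name"], pvc_class(p))
        for p in pvc_list.get("items", [])
        if pvc_class(p) in weak
    )


# Constructed sample data shaped like `kubectl get storageclass -o json` / `kubectl get pvc -A -o json`.
SAMPLE_CLASSES = {"items": [
    {"metadata": {"name": "es-storageclass"}, "provisioner": "kubernetes.io/aws-ebs",
     "parameters": {"type": "gp2", "encrypted": "true"}},
    {"metadata": {"name": "legacy-gp2"}, "provisioner": "kubernetes.io/aws-ebs", "parameters": {"type": "gp2"}},
    {"metadata": {"name": "local"}, "provisioner": "kubernetes.io/no-provisioner"},
]}
SAMPLE_PVCS = {"items": [
    {"metadata": {"name": "es-data-0", "namespace": "es"}, "spec": {"storageClassName": "es-storageclass"}},
    {"metadata": {"name": "es-data-old-0", "namespace": "es",
                  "annotations": {LEGACY_CLASS_ANNOTATION: "legacy-gp2"}}, "spec": {}},
    {"metadata": {"name": "scratch", "namespace": "dev"}, "spec": {"storageClassName": "local"}},
]}

if __name__ == "__main__":
    print(audit(SAMPLE_CLASSES, SAMPLE_PVCS))
```

To run it against a live cluster, load the two `kubectl ... -o json` outputs with `json.load` and pass them to `audit` in place of the sample data.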