# My customer is trying to do the below. Is it even possible?

deft garden
We want to have an encryption key per storage class, and here we have an issue. When we create a storage class with a CMEK key, for example:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fabric-rehost-int-lon
provisioner: csi.trident.netapp.io
parameters:
  selector: "fabric_cluster=dev; location=lon"
  disk-encryption-kms-key: abcde

this storage class appears in oc

oc get sc

NAME                    PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
fabric-rehost-int-lon   csi.trident.netapp.io   Delete          Immediate              false                  45m
ssd-csi                 pd.csi.storage.gke.io   Delete          WaitForFirstConsumer   true                   75d
standard (default)      kubernetes.io/gce-pd    Delete          WaitForFirstConsumer   true                   75d
standard-csi            pd.csi.storage.gke.io   Delete          WaitForFirstConsumer   true                   75d

but it doesn’t in Trident

./tridentctl -n trident get storageclass

+------+
| NAME |
+------+
+------+