@rk295
Last active November 27, 2017 20:38
Sample deployment of a new StorageClass which uses GP2 encrypted volumes, defines a new PersistentVolumeClaim and finally maps this volume into a pod.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    storageclass.beta.kubernetes.io/is-default-class: "false"
  labels:
    k8s-addon: storage-aws.addons.k8s.io
  name: gp2-encrypted
parameters:
  encrypted: "true"
  type: gp2
provisioner: kubernetes.io/aws-ebs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gp2-encrypted
  namespace: default
spec:
  storageClassName: gp2-encrypted
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: gp2-encryption-test
  namespace: default
spec:
  containers:
    - image: nginx
      imagePullPolicy: IfNotPresent
      name: gp2-encryption-test
      ports:
        - containerPort: 80
          name: http
          protocol: TCP
      volumeMounts:
        - mountPath: /data
          name: gp2-encrypted
  volumes:
    - name: gp2-encrypted
      persistentVolumeClaim:
        claimName: gp2-encrypted
rk295 commented Nov 27, 2017

Quick demo showing dynamic Encrypted EBS volume provisioning and pod attachment. The AWS console proves this:

[Image: k8s-ebs-encrypted-volume]
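An added check, not part of the gist: the `gp2-encrypted` class is created with `is-default-class: "false"`, so a claim that omits `storageClassName` resolves to the cluster's default class instead (assuming one is set). The Python below audits StorageClass and PersistentVolumeClaim objects for claims that end up on a class without `encrypted: "true"`; the `gp2` default class and the `scratch` claim are constructed sample data, and the helper names are hypothetical.

```python
# Added example: flag PVCs that resolve to a StorageClass without EBS encryption.
DEFAULT_KEYS = ("storageclass.kubernetes.io/is-default-class",
                "storageclass.beta.kubernetes.io/is-default-class")

def sc(name, params, default):
    # Build a StorageClass object shaped like the one in the gist.
    return {"kind": "StorageClass", "provisioner": "kubernetes.io/aws-ebs",
            "metadata": {"name": name, "annotations": {DEFAULT_KEYS[1]: default}},
            "parameters": params}

def pvc(name, class_name=None):
    # Build a PVC; class_name=None models a manifest with no storageClassName.
    spec = {} if class_name is None else {"storageClassName": class_name}
    return {"kind": "PersistentVolumeClaim", "spec": spec,
            "metadata": {"name": name, "namespace": "default"}}

# Constructed sample: the gist's class and claim plus two hypothetical objects.
SAMPLE = [
    sc("gp2-encrypted", {"type": "gp2", "encrypted": "true"}, "false"),
    sc("gp2", {"type": "gp2"}, "true"),   # hypothetical cluster default class
    pvc("gp2-encrypted", "gp2-encrypted"),
    pvc("scratch"),                       # hypothetical claim, no class named
]

def is_encrypted(storage_class):
    params = storage_class.get("parameters") or {}
    return str(params.get("encrypted", "")).lower() == "true"

def is_default(storage_class):
    notes = storage_class["metadata"].get("annotations") or {}
    return any(notes.get(k) == "true" for k in DEFAULT_KEYS)

def audit(objects):
    """Return (claim, class, reason) for every claim not on an encrypted class."""
    classes = {o["metadata"]["name"]: o for o in objects if o["kind"] == "StorageClass"}
    default = next((n for n, o in classes.items() if is_default(o)), None)
    findings = []
    for o in objects:
        if o["kind"] != "PersistentVolumeClaim":
            continue
        ref = o["metadata"]["namespace"] + "/" + o["metadata"]["name"]
        name = o["spec"].get("storageClassName")
        how = "explicit" if name is not None else "cluster default"
        name = default if name is None else name
        if name not in classes:
            findings.append((ref, name, "class not found"))
        elif not is_encrypted(classes[name]):
            findings.append((ref, name, "unencrypted, " + how))
    return findings
```

Feeding it the `items` array from `kubectl get storageclass,pvc --all-namespaces -o json` in place of `SAMPLE` runs the same audit against a live cluster.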
