
edgelesssys/constellation-azuredisk-csi-driver

Azure Disk CSI driver for Constellation Kubernetes

This is a fork of the Azure CSI driver with added encryption features for Constellation.

About

This driver allows a Constellation cluster to use Azure Disk volumes. The CSI plugin name is azuredisk.csi.confidential.cloud.

Driver parameters

Please refer to azuredisk.csi.confidential.cloud driver parameters

Install driver on a Constellation Kubernetes cluster

Use helm to deploy the driver to your cluster:

helm install azuredisk-csi-driver charts/edgeless/ --namespace kube-system

See helm configuration for a detailed list of configuration options.

Remove the driver using helm:

helm uninstall azuredisk-csi-driver -n kube-system

Features

Enabling integrity protection

By default, the CSI driver transparently encrypts all disks staged on the node. Optionally, you can configure the driver to also apply integrity protection.

Please note that enabling integrity protection requires wiping the disk before use. Disk wipe speeds are largely dependent on IOPS and the performance tier of the disk. If you intend to provision large amounts of storage and Pod creation speed is important, we recommend requesting high-performance disks.

To enable integrity protection, create a storage class with an explicit file system type request and add the suffix -integrity to it. The following is a storage class for integrity-protected, ext4-formatted disks:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: integrity-protected
provisioner: azuredisk.csi.confidential.cloud
parameters:
  skuName: StandardSSD_LRS
  csi.storage.k8s.io/fstype: ext4-integrity
reclaimPolicy: Delete
volumeBindingMode: Immediate

Please note that volume expansion is not supported for integrity-protected disks.
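The two rules above (the -integrity suffix on an explicit fstype, and no expansion for integrity-protected disks) can be checked before a request reaches the driver. The following is an added illustration written for this README, not the driver's own code; the function names ParseFsType and CanExpand, the supported file system set and the empty-fstype default are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// integritySuffix is the suffix the README documents for csi.storage.k8s.io/fstype.
const integritySuffix = "-integrity"

// supportedFsTypes is an assumed set of base file systems for this illustration.
var supportedFsTypes = map[string]bool{"ext4": true, "xfs": true}

// VolumeFormat is the parsed result of a storage class fstype request.
type VolumeFormat struct {
	FsType    string // base file system, e.g. "ext4"
	Integrity bool   // true when the "-integrity" suffix was present
}

// ParseFsType splits a csi.storage.k8s.io/fstype value such as
// "ext4-integrity" into the base file system and an integrity flag.
// An empty value is treated as the assumed default "ext4" without
// integrity protection, since the suffix needs an explicit fstype.
func ParseFsType(raw string) (VolumeFormat, error) {
	fsType := strings.TrimSpace(raw)
	if fsType == "" {
		return VolumeFormat{FsType: "ext4"}, nil
	}
	integrity := strings.HasSuffix(fsType, integritySuffix)
	fsType = strings.TrimSuffix(fsType, integritySuffix)
	if !supportedFsTypes[fsType] {
		return VolumeFormat{}, fmt.Errorf("unsupported file system type %q in %q", fsType, raw)
	}
	return VolumeFormat{FsType: fsType, Integrity: integrity}, nil
}

// CanExpand reports whether a volume expansion request may proceed:
// integrity-protected disks cannot be expanded, so they are refused.
func CanExpand(vf VolumeFormat) error {
	if vf.Integrity {
		return fmt.Errorf("volume expansion is not supported for integrity-protected %s disks", vf.FsType)
	}
	return nil
}

func main() {
	for _, in := range []string{"ext4", "ext4-integrity", "xfs-integrity", "", "btrfs"} {
		vf, err := ParseFsType(in)
		fmt.Printf("%q -> %+v expandable=%v parseErr=%v\n", in, vf, CanExpand(vf) == nil, err)
	}
}
```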

Troubleshooting

Limitations

Kubernetes Development

To build the driver container image:

driver_version=v0.0.0-test
make REGISTRY=ghcr.io/edgelesssys IMAGE_NAME=constellation/azure-csi-driver IMAGE_VERSION=${driver_version} container
docker push ghcr.io/edgelesssys/constellation/azure-csi-driver:${driver_version}

Links

License

This project is licensed under the AGPLv3. It's based on code licensed under the Apache 2.0 license.