✓ Solved

Does the linode-block-storage-retain StorageClass encrypt at rest?

I'm using k8s and cannot find any documentation about encryption at rest. Does anyone know if linode implements any encryption for data at rest for volumes attached to a linode k8s cluster?

3 Replies

✓ Best Answer

Kubernetes (K8S or K3S) installed on Linodes does support encryption at rest, but LKE does not at this time. In order to do so, you would want to use notation like this:

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
  - secrets
  providers:
  - aescbc:
      keys:
      - name: secretkey1
      secret: <ENCODED SECRET>
  - identity: {}

We have some information about htis within our Kubernetes Security Best-Practice page, but more information could be found without Kubernetes' documentation:

I submitted a feature request on your behalf though since encryption at rest would be great for us to implement.

Thanks, would be a great feature (and selling point) for linode k8s. :)
I couldn't find any info here: Kubernetes Security Best-Practice ,but thanks for the reply!

@jhartman I believe the question was geared toward Linode's block storage, not necessarily the storage of secrets within Kubernetes.

I haven't yet been able to find a definitive answer to the underlying block storage data protection strategy yet. Any insight would be much appreciated!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct