Support encryption of other disks #10469
Comments
See #8367 - will be available eventually.
I attempted to encrypt Longhorn volumes (https://longhorn.io/docs/1.8.1/advanced-resources/security/volume-encryption/), but it appears that Talos does not allow its kernel to load dm-crypt or utilize cryptsetup. I also investigated encrypting the underlying external disks used by Longhorn; however, Talos currently does not offer a configuration option for that either. I hope the feature becomes available soon.
After coming across issue #10473, I tried the same configuration in Talos 1.8.4 and found that Longhorn encryption worked perfectly. However, when I tested it on the latest Talos version (1.9.4), it did not function as expected. It appears something may have gone wrong with cryptsetup between v1.8.4 and v1.9.4. By the way, I still hope for a feature to encrypt externally mounted disks in Talos.
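For reference, the kind of Longhorn volume-encryption configuration the comments above are trying on Talos looks like the following. This is an added example following the Longhorn documentation linked above; it is not taken from this issue or from the Talos or Longhorn repositories. The Secret and StorageClass names, the namespace and the passphrase value are placeholders chosen here. Longhorn implements this with dm-crypt via cryptsetup on the node, so it can only work on a node whose kernel and userland expose that target, which is exactly the point the commenters raise.

```yaml
# Added example (not from the issue). Passphrase-backed encryption key for
# Longhorn volumes; the key material is held in a Kubernetes Secret that the
# Longhorn CSI driver reads at provision, stage and publish time.
apiVersion: v1
kind: Secret
metadata:
  name: longhorn-crypto            # placeholder name
  namespace: longhorn-system
stringData:
  CRYPTO_KEY_VALUE: "replace-me-with-a-long-random-passphrase"  # placeholder
  CRYPTO_KEY_PROVIDER: "secret"
  CRYPTO_KEY_CIPHER: "aes-xts-plain64"
  CRYPTO_KEY_HASH: "sha256"
  CRYPTO_KEY_SIZE: "256"
  CRYPTO_PBKDF: "argon2i"
---
# StorageClass that asks Longhorn to create LUKS-encrypted volumes. Every
# PersistentVolumeClaim that uses this class gets a dm-crypt mapping on the
# node where the volume is attached.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: longhorn-crypto-global     # placeholder name
provisioner: driver.longhorn.io
allowVolumeExpansion: true
reclaimPolicy: Delete
volumeBindingMode: Immediate
parameters:
  numberOfReplicas: "3"
  staleReplicaTimeout: "2880"
  fromBackup: ""
  encrypted: "true"
  # The same Secret is referenced for all three CSI phases.
  csi.storage.k8s.io/provisioner-secret-name: "longhorn-crypto"
  csi.storage.k8s.io/provisioner-secret-namespace: "longhorn-system"
  csi.storage.k8s.io/node-publish-secret-name: "longhorn-crypto"
  csi.storage.k8s.io/node-publish-secret-namespace: "longhorn-system"
  csi.storage.k8s.io/node-stage-secret-name: "longhorn-crypto"
  csi.storage.k8s.io/node-stage-secret-namespace: "longhorn-system"
```

Note that this keeps the volume key inside the cluster's etcd as a plain Secret, so it protects data on the underlying disk but not against an attacker with API access to that namespace; this is the gap the feature request below wants closed by having Talos unlock the whole disk with the node's TPM instead.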
Feature Request
Support encryption of other disks, for use with Storage Clusters
Description
Right now, as stated in the documentation, disk encryption is only supported on the STATE and EPHEMERAL partitions of the primary disk. So, if we also want to use any of the Storage Clusters options, we have to rely on them to support some kind of encryption. Supporting encryption of all disks directly from Talos would be more straightforward.
For example, I'm using TPM disk encryption on each node, and I would also like to encrypt the disks used by Piraeus / LINSTOR, without having to also implement LINSTOR's encryption and trying to figure out how to implement the automatic passphrase with Talos. The disk(s) would be unlocked by Talos at boot and be ready to be used with LVM, ZFS, etc.
Right now, I don't see the point in using Talos' disk encryption if my actual application data cannot be encrypted.