3-transparent-encryption

This example is an extended version of the transparent encryption middleware showcased in Section 4.2 of the paper "Pods-as-Volumes: Effortlessly Integrating Storage Systems and Middleware into Kubernetes", in the Seventh International Workshop on Container Technologies and Container Clouds (WoC '21).

  • File provisioner.yaml defines the PavProvisioner.

  • File usage.yaml shows how to use the provisioner, defining (1) a StorageClass that references the PavProvisioner, (2) a Secret storing the encryption passphrase, (3) a "wrapping" PersistentVolumeClaim that uses the StorageClass and adds encryption to an existing "underlying" PersistentVolumeClaim, and (4) a Pod that mounts the "wrapping" PersistentVolumeClaim and sleeps forever.

Note that creating the wrapping PersistentVolumeClaim will cause all data on the underlying PersistentVolumeClaim to be lost! The same occurs when deleting the wrapping PersistentVolumeClaim.