Request for Support on Utilizing OBS Object Storage with Encryption via Huawei CSI Driver #149

Open
Wolfslicht opened this issue Mar 6, 2024 · 1 comment
Labels
accepted Indicates an issue or PR is ready to be actively worked on. feature Categorizes issue or PR as related to a new feature.

Wolfslicht commented Mar 6, 2024

Description:

We aim to utilize Huawei Object Storage Service (OBS) with encryption for storing sensitive data within our Kubernetes environment, focusing on leveraging OBS as direct object storage rather than through the Parallel File System (PFS) abstraction. This approach is crucial for meeting our compliance and security requirements.

Current Behavior:

Deployment of the Huawei CSI Driver for OBS defaults to using the Parallel File System method for bucket creation and management, which does not meet our need for direct object storage access with encryption for enhanced data security.

Expected Behavior:

Our goal is to configure the Huawei CSI Driver for OBS for direct object storage access, enabling full utilization of OBS's encryption features. We expect our applications within Pods to interact directly with encrypted OBS buckets via the OBS API or SDKs, eliminating the need for a filesystem abstraction layer.

Kubernetes Version:

RKE2 1.26r1

Node OS:

Ubuntu 22.04 LTS

Specific Requirement:

  • Encryption support: Essential for our use case, as data stored in OBS must be encrypted. We aim to leverage OBS's native encryption capabilities for securing our data.
  • Direct Object Storage Access: Needed to bypass the Parallel File System abstraction, enabling direct interaction with OBS to utilize its encryption and other object-storage-specific features efficiently.

Clarification Sought:

  • Instructions on configuring the Huawei CSI Driver for OBS to support direct object storage access with encryption, avoiding the Parallel File System approach.
  • Recommendations or guidance for achieving secure, direct access to encrypted data within Kubernetes, if direct interaction through the CSI driver is not feasible.

Request:

We seek detailed guidance or alternative solutions enabling direct interaction with encrypted OBS buckets within Kubernetes pods. This support is critical for adhering to our security and compliance standards while optimizing our cloud storage strategy.

@Zippo-Wang
Contributor

Hello, Mr Wolfgang, we have carefully reviewed your requirement. But I regret to tell you that the OBS service does not support mounting by the OBS Bucket way. You can find this in the official documentation of the OBS service.

If you want to use encryption, you can use the EVS service of Huaweicloud to create an unshared volume, and then use the parameter kmsId to encrypt sensitive information. You can click here to review the EVS documentation of CSI.

@chengxiangdong chengxiangdong added feature Categorizes issue or PR as related to a new feature. accepted Indicates an issue or PR is ready to be actively worked on. labels Aug 13, 2024