Replace EBS volume with encrypted volume for ELK multiple data nodes

6/25/2019

I have an ELK cluster with 1 client node, 1 master node and 3 data nodes. The master and data nodes have volumes attached to them. The volumes for the data nodes are 200GB each. None of these volumes are encrypted; now I want to encrypt them.

This works when we have only one replica of the statefulset and use one volume mount, but for 3 replicas it's not able to attach to the volume. There is one option in Kubernetes that gives a volume definition with the "encrypted" flag, but then we have to specify the claim name in the deployment/statefulset. We can specify the claim name in the statefulset, but only if we have one claim to specify. But as my ELK cluster has 3 data nodes, we can't specify one specific claim name in the statefulset.

I tried to do it dynamically by setting the storage class "encrypted" flag to true, as follows:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: esvolume-2
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  zones: eu-west-1c
  iopsPerGB: "600"
  fsType: ext4
  encrypted: "true"

Then we have to use this storage class in the claim, as follows:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: esdata-2
  labels:
    app: mo-es-data
spec:
  storageClassName: esvolume-2
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 200Gi

And then we need to specify the claim name in the statefulset, as follows:

        volumeMounts:
        - name: esdata-2
          mountPath: /data
      #imagePullSecrets:
        #- name: mo-docker-registry
  volumeClaimTemplates:
  - metadata:
      name: esdata-2

So I can't go with this solution.

Manual replacement is also not possible, as 3 volumes have been attached to one statefulset.

I expect the volumes to be encrypted, but I am not able to encrypt them.

Please help me with this. How can I achieve encryption of the volumes in such a case?

-- Amruta Patil
amazon-eks
devops
elastic-stack
elk
kubernetes

0 Answers
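
With several replicas, no individual claim name has to be written into the StatefulSet: each entry in `volumeClaimTemplates` produces one PVC per pod, and its `storageClassName` can point at a class that sets `encrypted: "true"`. The manifests below are an added example, not the poster's configuration and not an answer from the thread; the class name, StatefulSet name, service name, container name and image are assumed placeholders.

```yaml
# Added example. Values marked "assumed" or "placeholder" are illustrative.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: esvolume-encrypted            # assumed name
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  fsType: ext4
  encrypted: "true"                   # volumes provisioned from this class are encrypted
  # kmsKeyId: "KMS_KEY_ARN_PLACEHOLDER"  # optional; if omitted, AWS chooses the key
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mo-es-data                    # assumed name
spec:
  serviceName: mo-es-data             # assumed headless service
  replicas: 3
  selector:
    matchLabels:
      app: mo-es-data
  template:
    metadata:
      labels:
        app: mo-es-data
    spec:
      containers:
        - name: es-data               # assumed container name
          image: "ELASTICSEARCH_IMAGE_PLACEHOLDER"
          volumeMounts:
            - name: esdata            # must match the template name below
              mountPath: /data
  volumeClaimTemplates:
    - metadata:
        name: esdata
      spec:
        storageClassName: esvolume-encrypted   # one encrypted volume per replica
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 200Gi
```

The claims are created as `esdata-mo-es-data-0` through `esdata-mo-es-data-2`, each bound to its own EBS volume. The class only applies to newly provisioned volumes, so data already on the existing unencrypted volumes is not encrypted by this change.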