Attempting to encrypt existing PVs in EKS

8/14/2019

I'm attempting to encrypt our existing PVs in EKS. Basically been searching the net and haven't come up with a solid solution. Our K8s version is 1.11 on EKS. Our PVs are EBS volumes. We currently have account level ebs encryption enabled but didn't when these resources were made.

I attempted to stop the ASG and the node. Created a snapshot and new encrypted volume then ran:

kubectl patch pv pvc-xxxxxxxx-xxxxx-xxxxxxxx -p '{"spec":{"awsElasticBlockStore":{"volumeID":"aws://us-east-1b/vol-xxxxx"}}}'

but was met with:

The PersistentVolume is invalid: spec.persistentvolumesource: Forbidden: is immutable after creation

I'm looking for a solution to this issue or to validate that is in fact not possible. Potential relevant github issue: https://github.com/kubernetes/kubernetes/issues/59642

Thanks in advance

-- portezthechillr
encryption
kubernetes

0 Answers