I'm attempting to encrypt our existing PVs in EKS. Basically been searching the net and haven't come up with a solid solution. Our K8s version is 1.11 on EKS. Our PVs are EBS volumes. We currently have account level ebs encryption enabled but didn't when these resources were made.
I attempted to stop the ASG and the node. Created a snapshot and new encrypted volume then ran:
kubectl patch pv pvc-xxxxxxxx-xxxxx-xxxxxxxx -p '{"spec":{"awsElasticBlockStore":{"volumeID":"aws://us-east-1b/vol-xxxxx"}}}'
but was met with:
The PersistentVolume is invalid: spec.persistentvolumesource: Forbidden: is immutable after creation
I'm looking for a solution to this issue or to validate that is in fact not possible. Potential relevant github issue: https://github.com/kubernetes/kubernetes/issues/59642
Thanks in advance