Add how to encrypt/decrypt image and volume #636
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Yu-Jack
force-pushed
the
feat-3129-01
branch
from
8e30ec5
to
f42d372
Compare
Yu-Jack
changed the title
Yu-Jack
changed the title
Yu-Jack
force-pushed
the
feat-3129-01
branch
5 times, most recently
from
16e1316
to
68fcd05
Compare
Yu-Jack
force-pushed
the
feat-3129-01
branch
7 times, most recently
from
73a754f
to
fa847ac
Compare
Yu-Jack
force-pushed
the
feat-3129-01
branch
5 times, most recently
from
795c836
to
9bec7d0
Compare
Yu-Jack
force-pushed
the
feat-3129-01
branch
from
8aac267
to
04883ca
Compare
bk201
requested changes
Sep 18, 2024
docs/image/image-security.md
Outdated
|
|
||
| ## Encrypt Image | ||
|
|
||
| After getting a source image, please select `Ecnrypt` to encrypt virtual machine image. |
There was a problem hiding this comment.
Suggested change
| After getting a source image, please select `Ecnrypt` to encrypt virtual machine image. | |
| After getting a source image, please select `Encrypt` to encrypt the virtual machine image. |
docs/image/image-security.md
Outdated
|
|
||
| ## Use Image | ||
|
|
||
| Select the image when creating virtual machine image. |
There was a problem hiding this comment.
Suggested change
| Select the image when creating virtual machine image. | |
| Select the image when creating a virtual machine. |
docs/volume/volume-security.md
Outdated
|
|
||
| There are two ways to create an encrypted volume. In either case, be sure to select an encrypted storage class. | ||
|
|
||
| ### In Volumes Tabs |
docs/volume/volume-security.md
Outdated
|
|
||
|  | ||
|
|
||
| ### In Images Tab |
There was a problem hiding this comment.
And "Volumes tab when creating a virtual machine".
docs/volume/volume-security.md
Outdated
|
|
||
| ### In Volumes Tabs | ||
|
|
||
|  |
There was a problem hiding this comment.
would be nice to update the two screenshots with the encrypted storage class created in the previous steps.
Yu-Jack
force-pushed
the
feat-3129-01
branch
2 times, most recently
from
ba552b9
to
4828080
Compare
|
Updated the all links from |
Yu-Jack
force-pushed
the
feat-3129-01
branch
2 times, most recently
from
8b2f8d2
to
6c5ced0
Compare
Yu-Jack
force-pushed
the
feat-3129-01
branch
from
6c5ced0
to
8a647fc
Compare
|
Gentle ping to @jillian-maroket , the GUI PR harvester/dashboard#1151 is ready, I think this document won't be changed anymore. Please help review this when you have time, thanks! |
docs/image/image-security.md
Outdated
Comment on lines
42
to
55
| ```yaml | ||
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: encryption | ||
| namespace: default | ||
| data: | ||
| CRYPTO_KEY_CIPHER: aes-xts-plain64 | ||
| CRYPTO_KEY_HASH: sha256 | ||
| CRYPTO_KEY_PROVIDER: secret | ||
| CRYPTO_KEY_SIZE: 256 | ||
| CRYPTO_KEY_VALUE: "Your encryption passphrase" | ||
| CRYPTO_PBKDF: argon2i | ||
| ``` |
There was a problem hiding this comment.
Please indent this code block.
docs/image/image-security.md
Outdated
Comment on lines
71
to
91
| ```yaml | ||
| allowVolumeExpansion: true | ||
| apiVersion: storage.k8s.io/v1 | ||
| kind: StorageClass | ||
| metadata: | ||
| name: encryption | ||
| parameters: | ||
| csi.storage.k8s.io/node-publish-secret-name: encryption | ||
| csi.storage.k8s.io/node-publish-secret-namespace: default | ||
| csi.storage.k8s.io/node-stage-secret-name: encryption | ||
| csi.storage.k8s.io/node-stage-secret-namespace: default | ||
| csi.storage.k8s.io/provisioner-secret-name: encryption | ||
| csi.storage.k8s.io/provisioner-secret-namespace: default | ||
| encrypted: "true" | ||
| migratable: "true" | ||
| numberOfReplicas: "3" | ||
| staleReplicaTimeout: "2880" | ||
| provisioner: driver.longhorn.io | ||
| reclaimPolicy: Delete | ||
| volumeBindingMode: Immediate | ||
| ``` |
There was a problem hiding this comment.
Please indent this code block.
docs/volume/volume-security.md
Outdated
Comment on lines
58
to
78
| ```yaml | ||
| allowVolumeExpansion: true | ||
| apiVersion: storage.k8s.io/v1 | ||
| kind: StorageClass | ||
| metadata: | ||
| name: encryption | ||
| parameters: | ||
| csi.storage.k8s.io/node-publish-secret-name: encryption | ||
| csi.storage.k8s.io/node-publish-secret-namespace: default | ||
| csi.storage.k8s.io/node-stage-secret-name: encryption | ||
| csi.storage.k8s.io/node-stage-secret-namespace: default | ||
| csi.storage.k8s.io/provisioner-secret-name: encryption | ||
| csi.storage.k8s.io/provisioner-secret-namespace: default | ||
| encrypted: "true" | ||
| migratable: "true" | ||
| numberOfReplicas: "3" | ||
| staleReplicaTimeout: "2880" | ||
| provisioner: driver.longhorn.io | ||
| reclaimPolicy: Delete | ||
| volumeBindingMode: Immediate | ||
| ``` |
There was a problem hiding this comment.
Please indent this code block.
|
Hi @jillian-maroket, I'm curious if we have any guidelines for writing documentation. For example, do we have a standard way to arrange sections or specific terms we can use in certain sections? For instance, avoiding like "Don't" in limitation sections, etc. |
Yu-Jack
force-pushed
the
feat-3129-01
branch
5 times, most recently
from
fa0d396
to
fc6a6bd
Compare
jillian-maroket
approved these changes
Oct 7, 2024
bk201
changed the title
bk201
approved these changes
Oct 7, 2024
Signed-off-by: Jack Yu <jack.yu@suse.com>
Signed-off-by: Jack Yu <jack.yu@suse.com>
Co-authored-by: Jillian <67180770+jillian-maroket@users.noreply.github.com> Signed-off-by: Jack Yu <jack.yu@suse.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Since the v1.4.0 harvester will support image/volume encryption, I'd like to refine the current image documentation structure.
It will be two markdowns in the sidebar:
Please check following path to review the content
Related Issue
harvester/harvester#3129