Support for dynamically provisioning Kubernetes Persistent Volume Claims (PVCs) on new file systems in File Storage service
- Services: Kubernetes Engine
- Release Date: December 14, 2022
You can now provision Kubernetes persistent volume claims (PVCs) by dynamically creating new file systems in the Oracle Cloud Infrastructure File Storage service. The File Storage service file systems are mounted inside containers running on clusters created by Container Engine for Kubernetes using a CSI (Container Storage Interface) driver deployed on the clusters.
You define and create a new storage class (optionally specifying the OCID of an existing mount target), and then define and create a new PVC based on that storage class. When you create the PVC, Container Engine for Kubernetes dynamically creates both a new File Storage service file system, and a new persistent volume (PV) backed by the new file system. Container Engine for Kubernetes binds the PVC to the PV backed by the new file system.
The File Storage service always encrypts data at rest, using Oracle-managed encryption keys by default. However, when creating the storage class you have the option to encrypt the new file systems using your own master encryption keys that you manage yourself in the Vault service.
Independent of at-rest encryption, you also have the option to specify in-transit encryption when creating the storage class. Data in transit is encrypted using a TLS certificate that is always Oracle-managed, regardless of whether data at rest is encrypted using Oracle-managed keys or using user-managed keys.
For more information, see Provisioning a PVC on a New File System Using the CSI Volume Plugin.