Support for provisioning Kubernetes Persistent Volume Claims (PVCs) on File Storage service
- Services: Kubernetes Engine
- Release Date: January 13, 2022
You can now provision Kubernetes persistent volume claims (PVCs) by mounting file systems in the Oracle Cloud Infrastructure File Storage service. A CSI (Container Storage Interface) driver deployed on clusters created by Container Engine for Kubernetes mounts the File Storage service file systems inside the containers running on those clusters.
You use the File Storage service to provision PVCs by manually creating a file system and a mount target in the File Storage service, then defining and creating a persistent volume (PV) backed by the new file system, and finally defining a new PVC. When you create the PVC, Container Engine for Kubernetes binds the PVC to the PV backed by the File Storage service.
The File Storage service always encrypts data at rest, using Oracle-managed encryption keys by default. However, when creating a PVC you have the option to encrypt file systems using your own master encryption keys, which you manage in the Vault service.
Independent of at-rest encryption, you also have the option to specify in-transit encryption when creating a PVC. Data in transit is encrypted using a TLS certificate that is always Oracle-managed, regardless of whether data at rest is encrypted using Oracle-managed keys or using user-managed keys.
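The PV and PVC pair described above, with in-transit encryption requested, as an added example that is not part of the original release note. The driver name, the `volumeHandle` layout and the `encryptInTransit` attribute do not appear on this page and should be checked against the linked documentation; the resource names, size, OCID, IP address and export path are placeholders.

```yaml
# PV backed by a file system and mount target created beforehand
# in the File Storage service (static provisioning).
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fss-pv-example            # placeholder name
spec:
  capacity:
    storage: 50Gi                 # placeholder size
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: fss.csi.oraclecloud.com
    # Layout: <file-system-OCID>:<mount-target-IP>:<export-path>
    # All three parts below are placeholders.
    volumeHandle: "<FILE_SYSTEM_OCID>:<MOUNT_TARGET_IP>:/<EXPORT_PATH>"
    volumeAttributes:
      # Request TLS between the worker node and the mount target.
      # Omit this attribute (or set "false") for an unencrypted mount.
      encryptInTransit: "true"
---
# PVC that binds to the PV above by name.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: fss-pvc-example           # placeholder name
spec:
  accessModes:
    - ReadWriteMany
  # Empty class keeps a default StorageClass from provisioning
  # a different volume for this claim.
  storageClassName: ""
  resources:
    requests:
      storage: 50Gi
  volumeName: fss-pv-example
```

At-rest encryption with your own Vault keys is a property of the file system itself, so it does not appear in these manifests.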
For more information, see Provisioning PVCs on the File Storage Service.