The page doesn't talk about the capability to encrypt a Volume Mount in AKS. Is this supported? How can keys be recovered in the case of a DR or cluster rebuild? Can the new Master node be told about the Managed Disk volume and have access to its original encryption keys?
Thanks for the feedback! We are currently investigating and will update you shortly.
@stdistef it is not supported out of the box.
There is a workaround mentioned on the AKS GitHub page though.
Thanks, but issue 629 says we can not encrypt AKS agent node VMs ... so how would this work.... https://github.com/Azure/AKS/issues/629#issuecomment-419157510
I also got this from Brandon today...
[Image]
From: Micah notifications@github.com
Sent: Friday, September 7, 2018 8:54:34 PM
To: MicrosoftDocs/azure-docs
Cc: Steve DiStefano; Mention
Subject: Re: [MicrosoftDocs/azure-docs] Volume Mount Encryption Support (#14655)
@stdistef it is not supported out of the box.
There is a workaround mentioned on the AKS GitHub page though
Azure/AKS#282 (https://github.com/Azure/AKS/issues/282)
@stdistef correct, so it is not supported. That was a workaround that was suggested if you wanted to attempt it. But it is not something we officially support. So it would be a "try at your own risk" kind of scenario until it is officially integrated into the product. It could have other repercussions so I wouldn't suggest using it in a PROD environment. But for testing and trying it out there is nothing stopping you.
@stdistef if this is something you would like to see officially supported you can leave your feedback on UserVoice so the product teams can see it and consider adding that functionality.
I will close for now but if you have follow up questions let me know and we can reopen and continue.
I have submitted a feature request on the same. Security at all levels is imperative and with a cloud environment, it is even more important. Wish this would have been available right when it was GA.
Has anyone finally been able to encrypt a data disk? I used the method above, but I couldn't make it work because dynamic PVs are not "mappable" in fstab.