professional-service/examples/ske-encrypted-volumes
2026-07-01 13:40:32 +02:00
..
.terraform.lock.hcl terraform: Add provider blocks to all examples 2026-05-06 12:05:08 +02:00
010-provider.tf examples: fmt examples 2026-06-23 13:14:28 +02:00
020-ske-cluster.tf examples: fmt examples 2026-06-23 13:14:28 +02:00
030-kms.tf examples: fmt examples 2026-06-23 13:14:28 +02:00
040-authorization.tf examples: fmt examples 2026-06-23 13:14:28 +02:00
050-k8s-storage.tf examples: fmt examples 2026-06-23 13:14:28 +02:00
MAINTAINERS.md chore(examples): add new examples 2026-04-15 10:35:57 +02:00
README.md chore(docs): add readme warning for encrypted volumes 2026-04-16 09:20:12 +02:00
stackit.docs.yaml hackathon: work on idea 2026-07-01 13:40:32 +02:00

Encrypted Volumes for SKE

⚠️This example assumes that your project or organization has been enabled for a preview version of the STACKIT CSI Driver. If you wish to use encrypted volumes, please contact your account manager.

Overview

This guide demonstrates how to roll out an encrypted storage class for SKE using the STACKIT Key Management Service (KMS). To achieve this, we use a Service Account Impersonation (Act-As) pattern. This allows the internal SKE service account to perform encryption and decryption tasks on behalf of a user-managed service account that has been granted access to your KMS keys.