everfrustrated 5 days ago
Has anybody found a good way to use encrypted disks with Hetzner yet?
M4t7e 5 days ago
If you need disk encryption on Hetzner, I built a Terraform module that sets up a Kubernetes cluster with encrypted disks enabled by default: https://github.com/hcloud-k8s/terraform-hcloud-kubernetes
winrid 5 days ago
Their installer script supports LUKS. Set up dropbear, and have another encrypted instance that runs a cron that runs a script every minute to check for the dropbear port on all instances and sshes in and passes the key to boot. This is what I do for FastComments anyway, for OVH and Hetzner.
ralala 5 days ago
What is the threat model you want to mitigate using encryption at rest? Is it that a physical disk is not properly wiped after usage? Then you could just use LUKS and store the key anywhere else, e.g. another machine or an external volume…
adamcharnock 5 days ago
To answer from a Kubernetes perspective: Both OpenEBS Mayastor and LocalZFS now support disk encryption.
bflesch 5 days ago
Encrypted disks are easily set up with Arch Linux + LUKS + tinySSH, you can remote unlock via SSH.
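
The unlock loop described in winrid's comment, sketched as an added example (not code from the thread or from any poster). It assumes a Debian-style dropbear-initramfs that listens on a dedicated port and provides `cryptroot-unlock`; the port number and all paths are hypothetical.

```shell
#!/bin/sh
# Added example: poll hosts for the initramfs dropbear port and feed the LUKS key.
# Assumptions: Debian-style dropbear-initramfs with `cryptroot-unlock`; the port
# and every path below are hypothetical placeholders.
set -u
UNLOCK_PORT="${UNLOCK_PORT:-2222}"                # initramfs dropbear port
CONF="${CONF:-/etc/luks-unlock}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$CONF/known_hosts}"   # pinned initramfs host keys
KEY_DIR="${KEY_DIR:-$CONF/keys}"                  # <host>.key files, mode 0600
SSH_ID="${SSH_ID:-$CONF/id_ed25519}"

# True only while the host sits in the initramfs waiting for a passphrase.
port_open() { nc -z -w 3 "$1" "$UNLOCK_PORT" </dev/null >/dev/null 2>&1; }

# The passphrase travels on stdin, so it never shows up in argv or `ps`.
# StrictHostKeyChecking=yes with a pinned file refuses a host that answers
# with an unknown key instead of handing it the passphrase.
send_key() {
  keyfile="$KEY_DIR/$1.key"
  [ -r "$keyfile" ] || { echo "no key file for $1" >&2; return 2; }
  ssh -p "$UNLOCK_PORT" -i "$SSH_ID" \
      -o BatchMode=yes -o ConnectTimeout=5 \
      -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS" \
      "root@$1" cryptroot-unlock < "$keyfile"
}

# Read one host per line; print a status line for each host that was waiting.
unlock_pending() {
  while read -r host; do
    case "$host" in ''|'#'*) continue ;; esac
    port_open "$host" || continue   # booted normally or unreachable
    if send_key "$host"; then echo "unlocked $host"; else echo "FAILED $host"; fi
  done < "$1"
}

# cron: * * * * * /usr/local/sbin/luks-unlock.sh /etc/luks-unlock/hosts
if [ "$#" -ge 1 ]; then unlock_pending "$1"; fi
```

The initramfs dropbear has its own host key, separate from the booted system's sshd, so the pinned `known_hosts` file needs an entry for that key on the unlock port.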