Attempting to encrypt existing PVs in EKS

by portezthechillr   Last Updated August 14, 2019 15:01 PM

I'm attempting to encrypt our existing PVs in EKS. Basically been searching the net and haven't come up with a solid solution. Our K8s version is 1.11 on EKS. Our PVs are EBS volumes. We currently have account level ebs encryption enabled but didn't when these resources were made.

I attempted to stop the ASG and the node. Created a snapshot and new encrypted volume then ran:

kubectl patch pv pvc-xxxxxxxx-xxxxx-xxxxxxxx -p '{"spec":{"awsElasticBlockStore":{"volumeID":"aws://us-east-1b/vol-xxxxx"}}}'

but was met with:

The PersistentVolume is invalid: spec.persistentvolumesource: Forbidden: is immutable after creation

I'm looking for a solution to this issue or to validate that is in fact not possible. Potential relevant github issue: https://github.com/kubernetes/kubernetes/issues/59642

Thanks in advance



Related Questions


Can I ever get my Data back?

Updated March 22, 2019 20:01 PM



How to recover files from infected. Vvv extention

Updated December 10, 2015 16:00 PM

Forgot the password of bitlocker drive

Updated December 30, 2018 03:01 AM