Annotating encrypted RBD storage classes
This section provides you with information on annotating encrypted RBD storage classes.
When the OpenShift console creates a RADOS block device (RBD) storage class with encryption
enabled, the annotation is set automatically. However, you need to add the annotation,
cdi.kubevirt.io/clone-strategy=copy
for any of the encrypted RBD storage classes
that were previously created before updating to the Fusion Data Foundation. This enables
customer data integration (CDI) to use host-assisted
cloning instead of the default smart cloning.
The keys used to access an encrypted volume are tied to the namespace where the volume was created. When cloning an encrypted volume to a new namespace, such as, provisioning a new OpenShift Virtualization virtual machine, a new volume must be created and the content of the source volume must then be copied into the new volume. This behavior is triggered automatically if the storage class is properly annotated.