![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo.png\"){kind=logo}
<\/p>\n<\/p>\n
The answer was taken from<\/span><\/span><\/span> gitmemory<\/a><\/p>\n In order to encrypt an already created EBS Volume<\/strong>, you need to take a snapshot of it.<\/span><\/span> Then, from the created snapshot, create a disk in the same region as the original one, and also specify the KMS<\/strong> key for encryption.<\/span><\/span><\/span><\/p>\n Then we save the manifest of the current PV<\/strong> to a file:<\/span><\/span><\/span><\/p>\n <\/p>\n We edit the file, replacing the ID of the original disk with the encrypted one.<\/span><\/span><\/span><\/p>\n Then apply the changes:<\/span><\/span><\/span><\/p>\n <\/p>\n The previous command will "get stuck" on execution, as the "finalizers<\/strong>" parameter prevents it, so in the next tab we do the following:<\/span><\/span><\/span><\/p>\n <\/p>\n Find and remove the following:<\/span><\/span><\/span><\/p>\n <\/p>\n We save the changes, after which the command in the previous tab should work successfully.<\/span><\/span><\/span><\/p>\n <\/p>\n After that, patch the PVC<\/strong> to which this PV belongs:<\/span><\/span><\/span><\/p>\n <\/p>\n Now all that’s left is to delete the pod that the PV is mounted to and make sure it is re-created with the new PV mounted.<\/span><\/span> Also, do not forget about the rights to use KMS keys for the IAM role, which is attached to EKS nodes.<\/span><\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":" The answer was taken from gitmemory In order to encrypt an already created EBS Volume, you need to take a snapshot of it. Then, from the created snapshot, create a disk in the same region as the original one, and also specify the KMS key for encryption. Then we save the manifest of the current … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "\u00a0EKS — Encrypt current PV (EBS Volume)"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[599,559],"tags":[543,1867,1563,551,1229,1095],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2289"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2289"}],"version-history":[{"count":2,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2289\/revisions"}],"predecessor-version":[{"id":2291,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2289\/revisions\/2291"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\r\nkubectl get pv <PV_NAME> -o yaml > \/tmp\/pv.yaml\r\n<\/pre>\n
\r\nkubectl replace --cascade=false --force -f \/tmp\/pv.yaml\r\n<\/pre>\n
\r\nkubectl edit pv <PV_NAME>\r\n<\/pre>\n
\r\n finalizers:\r\n - kubernetes.io\/pv-protection\r\n<\/pre>\n
\r\nkubectl patch pvc <PVC_NAME> -p '{"metadata":{"finalizers": []}}' --type=merge\r\n<\/pre>\n