```yaml
apiVersion: v1alpha1
kind: UserVolumeConfig
name: ceph-data # Name of the volume.
# The provisioning describes how the volume is provisioned.
provisioning:
    # The disk selector expression.
    diskSelector:
        match: disk.transport == "nvme" # The Common Expression Language (CEL) expression to match the disk.
    maxSize: 50GiB # The maximum size of the volume, if not specified the volume can grow to the size of the

    # # The minimum size of the volume.
    # minSize: 2.5GiB
# The filesystem describes how the volume is formatted.
filesystem:
    type: xfs # Filesystem type. Default is `xfs`.
# The encryption describes how the volume is encrypted.
encryption:
    provider: luks2 # Encryption provider to use for the encryption.
    # Defines the encryption keys generation and storage method.
    keys:
        - slot: 0 # Key slot number for LUKS2 encryption.
          # Enable TPM based disk encryption.
          tpm: {}

          # # KMS managed encryption key.
          # kms:
          #     endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.
        - slot: 1 # Key slot number for LUKS2 encryption.
          # Key which value is stored in the configuration file.
          static:
              passphrase: topsecret # Defines the static passphrase value.

          # # KMS managed encryption key.
          # kms:
          #     endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.

    # # Cipher to use for the encryption. Depends on the encryption provider.
    # cipher: aes-xts-plain64

    # # Defines the encryption sector size.
    # blockSize: 4096

    # # Additional --perf parameters for the LUKS2 encryption.
    # options:
    #     - no_read_workqueue
    #     - no_write_workqueue
```

| Field | Type | Description | Value(s) |
|---|---|---|---|
| `name` | string | | |
| `provisioning` | ProvisioningSpec | The provisioning describes how the volume is provisioned. | |
| `filesystem` | FilesystemSpec | The filesystem describes how the volume is formatted. | |
| `encryption` | EncryptionSpec | The encryption describes how the volume is encrypted. | |

provisioning
ProvisioningSpec describes how the volume is provisioned.

| Field | Type | Description | Value(s) |
|---|---|---|---|
| `diskSelector` | DiskSelector | The disk selector expression. | |
| `grow` | bool | Should the volume grow to the size of the disk (if possible). | |
| `minSize` | ByteSize | | |
| `maxSize` | ByteSize | | |

diskSelector
DiskSelector selects a disk for the volume.

| Field | Type | Description | Value(s) |
|---|---|---|---|
| `match` | Expression | The Common Expression Language (CEL) expression to match the disk. | |

filesystem
FilesystemSpec configures the filesystem for the volume.

| Field | Type | Description | Value(s) |
|---|---|---|---|
| `type` | FilesystemType | Filesystem type. Default is `xfs`. | `ext4`<br>`xfs` |

encryption
EncryptionSpec represents volume encryption settings.
```yaml
encryption:
    provider: luks2 # Encryption provider to use for the encryption.
    # Defines the encryption keys generation and storage method.
    keys:
        - slot: 0 # Key slot number for LUKS2 encryption.
          # Key which value is stored in the configuration file.
          static:
              passphrase: exampleKey # Defines the static passphrase value.

          # # KMS managed encryption key.
          # kms:
          #     endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.
        - slot: 1 # Key slot number for LUKS2 encryption.
          # KMS managed encryption key.
          kms:
              endpoint: https://example-kms-endpoint.com # KMS endpoint to Seal/Unseal the key.
    cipher: aes-xts-plain64 # Cipher to use for the encryption. Depends on the encryption provider.
    blockSize: 4096 # Defines the encryption sector size.

    # # Additional --perf parameters for the LUKS2 encryption.
    # options:
    #     - no_read_workqueue
    #     - no_write_workqueue
```

| Field | Type | Description | Value(s) |
|---|---|---|---|
| `provider` | EncryptionProviderType | Encryption provider to use for the encryption. | `luks2` |
| `keys` | EncryptionKey | Defines the encryption keys generation and storage method. | |
| `cipher` | string | Cipher to use for the encryption. Depends on the encryption provider. | `aes-xts-plain64`<br>`xchacha12,aes-adiantum-plain64`<br>`xchacha20,aes-adiantum-plain64` |
| `keySize` | uint | Defines the encryption key length. | |
| `blockSize` | uint64 | Defines the encryption sector size. | |
| `options` | []string | Additional `--perf` parameters for the LUKS2 encryption. | `no_read_workqueue`<br>`no_write_workqueue`<br>`same_cpu_crypt` |

keys[]
EncryptionKey represents the configuration for a disk encryption key.
static
EncryptionKeyStatic represents a throw-away key type.

| Field | Type | Description | Value(s) |
|---|---|---|---|
| `passphrase` | string | Defines the static passphrase value. | |

nodeID
EncryptionKeyNodeID represents a key deterministically generated from the node UUID and PartitionLabel.
kms
EncryptionKeyKMS represents a key that is generated and then sealed/unsealed by the KMS server.
```yaml
encryption:
    keys:
        - kms:
            endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.
```

| Field | Type | Description | Value(s) |
|---|---|---|---|
| `endpoint` | string | KMS endpoint to Seal/Unseal the key. | |

tpm
EncryptionKeyTPM represents a key that is generated and then sealed/unsealed by the TPM.

| Field | Type | Description | Value(s) |
|---|---|---|---|
| `checkSecurebootStatusOnEnroll` | bool | | |
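
The key types under `keys[]` differ in where the unlocking secret lives, and any single LUKS2 key slot is enough to open the volume. The check below is an added example, not part of the Talos documentation or code: it walks `encryption.keys` of an already-parsed UserVolumeConfig and reports static and nodeID slots, duplicate slot numbers, and KMS endpoints that are not https. The names `audit_user_volume` and `sample`, the finding wording, and the https requirement are assumptions of this example.

```python
# Added example; audit_user_volume and sample are hypothetical helper names.
from urllib.parse import urlparse

KEY_TYPES = ("static", "nodeID", "kms", "tpm")  # key kinds listed under keys[] on this page


def audit_user_volume(doc):
    """Return findings for one parsed UserVolumeConfig document (a dict)."""
    name = doc.get("name", "<unnamed>")
    enc = doc.get("encryption")
    if not enc:
        return [f"{name}: no encryption section, volume is not encrypted"]
    findings, seen = [], set()
    for key in enc.get("keys") or []:
        slot = key.get("slot", 0)
        if slot in seen:
            findings.append(f"{name}: slot {slot} is defined more than once")
        seen.add(slot)
        kinds = [k for k in KEY_TYPES if k in key]
        if len(kinds) != 1:
            findings.append(f"{name}: slot {slot} needs exactly one key type, found {kinds}")
        elif kinds[0] == "static":
            # Any one LUKS2 key slot unlocks the volume, so a passphrase kept in
            # the machine config opens it regardless of TPM or KMS slots.
            findings.append(f"{name}: slot {slot} static passphrase is stored in the config")
        elif kinds[0] == "nodeID":
            findings.append(f"{name}: slot {slot} key is derived from node UUID and partition label")
        elif kinds[0] == "kms":
            endpoint = (key["kms"] or {}).get("endpoint", "")
            if urlparse(endpoint).scheme != "https":  # policy assumed by this example
                findings.append(f"{name}: slot {slot} KMS endpoint {endpoint!r} is not https")
    return findings


def sample(*keys):
    """Constructed UserVolumeConfig document (as parsed YAML) with the given key slots."""
    return {"apiVersion": "v1alpha1", "kind": "UserVolumeConfig", "name": "ceph-data",
            "encryption": {"provider": "luks2", "keys": list(keys)}}


# The first example on this page (TPM slot plus static passphrase slot) and a
# constructed variant that swaps the static slot for the KMS key shown on the page.
PAGE_EXAMPLE = sample({"slot": 0, "tpm": {}}, {"slot": 1, "static": {"passphrase": "topsecret"}})
TPM_AND_KMS = sample({"slot": 0, "tpm": {}},
                     {"slot": 1, "kms": {"endpoint": "https://192.168.88.21:4443"}})

if __name__ == "__main__":
    for doc in (PAGE_EXAMPLE, TPM_AND_KMS):
        print(audit_user_volume(doc) or "no findings")
```

To run it against a machine config file, load each YAML document with a YAML parser and pass the resulting dict to `audit_user_volume`.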