
<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-2.24 docs-doc-page docs-doc-id-workflows/storage" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v3.9.2">
<title data-rh="true">Use persistent storage | Constellation</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.edgeless.systems/constellation/workflows/storage"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="2.24"><meta data-rh="true" name="docusaurus_tag" content="docs-default-2.24"><meta data-rh="true" name="docsearch:version" content="2.24"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-2.24"><meta data-rh="true" property="og:title" content="Use persistent storage | Constellation"><meta data-rh="true" name="description" content="Persistent storage in Kubernetes requires cloud-specific configuration."><meta data-rh="true" property="og:description" content="Persistent storage in Kubernetes requires cloud-specific configuration."><link data-rh="true" rel="icon" href="/constellation/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://docs.edgeless.systems/constellation/workflows/storage"><link data-rh="true" rel="alternate" href="https://docs.edgeless.systems/constellation/workflows/storage" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.edgeless.systems/constellation/workflows/storage" hreflang="x-default"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Workflows","item":"https://docs.edgeless.systems/constellation/category/workflows"},{"@type":"ListItem","position":2,"name":"Use persistent storage","item":"https://docs.edgeless.systems/constellation/workflows/storage"}]}</script><script src="/constellation/gtagman.js" async 
data-cookieconsent="ignore"></script><link rel="stylesheet" href="/constellation/assets/css/styles.9ca3c5b3.css">
<script src="/constellation/assets/js/runtime~main.87c4c513.js" defer="defer"></script>
<script src="/constellation/assets/js/main.add27954.js" defer="defer"></script>
</head>
<body class="navigation-with-keyboard">
<svg style="display: none;"><defs>
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
</defs></svg>
<script>document.documentElement.setAttribute("data-theme","light"),document.documentElement.setAttribute("data-theme-choice","light"),function(){try{const n=new URLSearchParams(window.location.search).entries();for(var[t,e]of n)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}(),document.documentElement.setAttribute("data-announcement-bar-initially-dismissed",function(){try{return"true"===localStorage.getItem("docusaurus.announcement.dismiss")}catch(t){}return!1}())</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><div class="theme-announcement-bar announcementBar_mb4j" style="background-color:#E7E6E6" role="banner"><div class="announcementBarPlaceholder_vyr4"></div><div class="content_knG7 announcementBarContent_xLdY">If you like Constellation, give it a star on <a target="_blank" rel="noopener noreferrer" href="https://github.com/edgelesssys/constellation">GitHub</a> ⭐️</div><button type="button" aria-label="Close" class="clean-btn close closeButton_CVFx announcementBarClose_gvF7"><svg viewBox="0 0 15 15" width="14" height="14"><g stroke="currentColor" stroke-width="3.1"><path d="M.75.75l13.5 13.5M14.25.75L.75 14.25"></path></g></svg></button></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/constellation/"><div class="navbar__logo"><img 
src="/constellation/img/logos/constellation_oneline.svg" alt="Constellation Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/constellation/img/logos/constellation_oneline.svg" alt="Constellation Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div></a></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a aria-current="page" class="navbar__link active" aria-haspopup="true" aria-expanded="false" role="button" href="/constellation/workflows/storage">2.24</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/constellation/next/workflows/storage">Next</a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/constellation/workflows/storage">2.24</a></li><li><a class="dropdown__link" href="/constellation/2.23/workflows/storage">2.23</a></li><li><a class="dropdown__link" href="/constellation/2.22/workflows/storage">2.22</a></li></ul></div><a href="https://github.com/edgelesssys/constellation" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link"></a><div class="navbarSearchContainer_Bca1"><div class="dsla-search-wrapper"><div class="dsla-search-field" data-tags="default,docs-default-2.24"></div></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG menuWithAnnouncementBar_GW3s"><ul class="theme-doc-sidebar-menu menu__list"><li 
class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/constellation/"><span title="Introduction" class="linkLabel_WmDU">Introduction</span></a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/basics"><span title="Basics" class="categoryLinkLabel_W154">Basics</span></a><button aria-label="Expand sidebar category &#x27;Basics&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/getting-started"><span title="Getting started" class="categoryLinkLabel_W154">Getting started</span></a><button aria-label="Expand sidebar category &#x27;Getting started&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist menu__link--active" href="/constellation/category/workflows"><span title="Workflows" class="categoryLinkLabel_W154">Workflows</span></a><button aria-label="Collapse sidebar category &#x27;Workflows&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/verify-cli"><span title="Verify the CLI" class="linkLabel_WmDU">Verify the CLI</span></a></li><li 
class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/config"><span title="Configure your cluster" class="linkLabel_WmDU">Configure your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/create"><span title="Create your cluster" class="linkLabel_WmDU">Create your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/scale"><span title="Scale your cluster" class="linkLabel_WmDU">Scale your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/upgrade"><span title="Upgrade your cluster" class="linkLabel_WmDU">Upgrade your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/lb"><span title="Expose a service" class="linkLabel_WmDU">Expose a service</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/cert-manager"><span title="Install cert-manager" class="linkLabel_WmDU">Install cert-manager</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/s3proxy"><span title="Install s3proxy" class="linkLabel_WmDU">Install s3proxy</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/terminate"><span title="Terminate your 
cluster" class="linkLabel_WmDU">Terminate your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/recovery"><span title="Recover your cluster" class="linkLabel_WmDU">Recover your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/verify-cluster"><span title="Verify your cluster" class="linkLabel_WmDU">Verify your cluster</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/constellation/workflows/storage"><span title="Use persistent storage" class="linkLabel_WmDU">Use persistent storage</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/terraform-provider"><span title="Use the Terraform provider" class="linkLabel_WmDU">Use the Terraform provider</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/sbom"><span title="Consume SBOMs" class="linkLabel_WmDU">Consume SBOMs</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/reproducible-builds"><span title="Reproduce release artifacts" class="linkLabel_WmDU">Reproduce release artifacts</span></a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/constellation/workflows/troubleshooting"><span title="Troubleshooting" class="linkLabel_WmDU">Troubleshooting</span></a></li></ul></li><li 
class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/architecture"><span title="Architecture" class="categoryLinkLabel_W154">Architecture</span></a><button aria-label="Expand sidebar category &#x27;Architecture&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="categoryLink_byQd menu__link menu__link--sublist" href="/constellation/category/reference"><span title="Reference" class="categoryLinkLabel_W154">Reference</span></a><button aria-label="Expand sidebar category &#x27;Reference&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/constellation/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/constellation/category/workflows"><span>Workflows</span></a></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">Use persistent storage</span></li></ul></nav><span 
class="theme-doc-version-badge badge badge--secondary">Version: 2.24</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Use persistent storage</h1></header>
<p>Persistent storage in Kubernetes requires cloud-specific configuration.
For abstraction of container storage, Kubernetes offers <a href="https://kubernetes.io/docs/concepts/storage/volumes/" target="_blank" rel="noopener noreferrer" class="">volumes</a>,
allowing users to mount storage solutions directly into containers.
The <a href="https://kubernetes-csi.github.io/docs/" target="_blank" rel="noopener noreferrer" class="">Container Storage Interface (CSI)</a> is the standard interface for exposing arbitrary block and file storage systems into containers in Kubernetes.
Cloud service providers (CSPs) offer their own CSI-based solutions for cloud storage.</p>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="confidential-storage">Confidential storage<a href="#confidential-storage" class="hash-link" aria-label="Direct link to Confidential storage" title="Direct link to Confidential storage" translate="no"></a></h2>
<p>Most cloud storage solutions support encryption, such as <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek" target="_blank" rel="noopener noreferrer" class="">GCE Persistent Disks (PD)</a>.
Constellation supports the available CSI-based storage options for Kubernetes engines in AWS, Azure, GCP, and STACKIT.
However, their encryption takes place in the storage backend and is managed by the CSP.
Thus, using the default CSI drivers for these storage types means trusting the CSP with your persistent data.</p>
<p>To address this, Constellation provides CSI drivers for AWS EBS, Azure Disk, GCE PD, and OpenStack Cinder, offering <a class="" href="/constellation/architecture/keys#storage-encryption">encryption on the node level</a>. They enable transparent encryption for persistent volumes without needing to trust the cloud backend. Plaintext data never leaves the confidential VM context, offering you confidential storage.</p>
<p>For more details see <a class="" href="/constellation/architecture/encrypted-storage">encrypted persistent storage</a>.</p>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="csi-drivers">CSI drivers<a href="#csi-drivers" class="hash-link" aria-label="Direct link to CSI drivers" title="Direct link to CSI drivers" translate="no"></a></h2>
<p>Constellation supports the following drivers, which offer node-level encryption and optional integrity protection.</p>
<div class="theme-tabs-container tabs-container tabList__CuJ"><ul role="tablist" aria-orientation="horizontal" class="tabs"><li role="tab" tabindex="0" aria-selected="true" class="tabs__item tabItem_LNqP tabs__item--active">AWS</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">Azure</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">GCP</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">STACKIT</li></ul><div class="margin-top--md"><div role="tabpanel" class="tabItem_Ymn6"><p><strong>Constellation CSI driver for AWS Elastic Block Store</strong>:
Mount <a href="https://aws.amazon.com/ebs/" target="_blank" rel="noopener noreferrer" class="">Elastic Block Store</a> storage volumes into your Constellation cluster.
Follow the instructions on how to <a href="#installation" class="">install the Constellation CSI driver</a> or check out the <a href="https://github.com/edgelesssys/constellation-aws-ebs-csi-driver" target="_blank" rel="noopener noreferrer" class="">repository</a> for more information.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p><strong>Constellation CSI driver for Azure Disk</strong>:
Mount Azure <a href="https://azure.microsoft.com/en-us/services/storage/disks/#overview" target="_blank" rel="noopener noreferrer" class="">Disk Storage</a> into your Constellation cluster.
See the instructions on how to <a href="#installation" class="">install the Constellation CSI driver</a> or check out the <a href="https://github.com/edgelesssys/constellation-azuredisk-csi-driver" target="_blank" rel="noopener noreferrer" class="">repository</a> for more information.
Since Azure Disks are mounted as <code>ReadWriteOnce</code>, they&#x27;re only available to a single pod.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p><strong>Constellation CSI driver for GCP Persistent Disk</strong>:
Mount <a href="https://cloud.google.com/persistent-disk" target="_blank" rel="noopener noreferrer" class="">Persistent Disk</a> block storage into your Constellation cluster.
Follow the instructions on how to <a href="#installation" class="">install the Constellation CSI driver</a> or check out the <a href="https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver" target="_blank" rel="noopener noreferrer" class="">repository</a> for more information.</p></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p><strong>Constellation CSI driver for STACKIT / OpenStack Cinder</strong>:
Mount <a href="https://docs.openstack.org/cinder/latest/" target="_blank" rel="noopener noreferrer" class="">Cinder</a> block storage volumes into your Constellation cluster.
Follow the instructions on how to <a href="#installation" class="">install the Constellation CSI driver</a> or check out the <a href="https://github.com/edgelesssys/constellation-cloud-provider-openstack" target="_blank" rel="noopener noreferrer" class="">repository</a> for more information.</p></div></div></div>
<p>If the options above aren&#x27;t a suitable solution for you, Constellation is also compatible with all other CSI-based storage options. For example, you can use <a href="https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html" target="_blank" rel="noopener noreferrer" class="">AWS EFS</a>, <a href="https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction" target="_blank" rel="noopener noreferrer" class="">Azure Files</a>, or <a href="https://cloud.google.com/filestore" target="_blank" rel="noopener noreferrer" class="">GCP Filestore</a> with Constellation out of the box. Note, however, that Constellation doesn&#x27;t yet provide transparent encryption on the node level for these storage types; data written to them is protected only by the CSP-managed encryption of the storage backend.</p>
<h2 class="anchor anchorTargetStickyNavbar_Vzrq" id="installation">Installation<a href="#installation" class="hash-link" aria-label="Direct link to Installation" title="Direct link to Installation" translate="no"></a></h2>
<p>The Constellation CLI automatically installs Constellation&#x27;s CSI driver for the selected CSP in your cluster.
If you don&#x27;t need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting <code>deployCSIDriver</code> to <code>false</code> in your Constellation config file.</p>
<div class="theme-tabs-container tabs-container tabList__CuJ"><ul role="tablist" aria-orientation="horizontal" class="tabs"><li role="tab" tabindex="0" aria-selected="true" class="tabs__item tabItem_LNqP tabs__item--active">AWS</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">Azure</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">GCP</li><li role="tab" tabindex="-1" aria-selected="false" class="tabs__item tabItem_LNqP">STACKIT</li></ul><div class="margin-top--md"><div role="tabpanel" class="tabItem_Ymn6"><p>AWS comes with two storage classes by default.</p><ul>
<li class=""><code>encrypted-rwo</code>
<ul>
<li class="">Uses <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html" target="_blank" rel="noopener noreferrer" class="">SSDs of <code>gp3</code> type</a></li>
<li class="">ext4 filesystem</li>
<li class="">Encryption of all data written to disk</li>
</ul>
</li>
<li class=""><code>integrity-encrypted-rwo</code>
<ul>
<li class="">Uses <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html" target="_blank" rel="noopener noreferrer" class="">SSDs of <code>gp3</code> type</a></li>
<li class="">ext4 filesystem</li>
<li class="">Encryption of all data written to disk</li>
<li class="">Integrity protection of data written to disk</li>
</ul>
</li>
</ul><p>For more information on encryption algorithms and key sizes, refer to <a class="" href="/constellation/architecture/encrypted-storage#cryptographic-algorithms">cryptographic algorithms</a>.</p><div class="theme-admonition theme-admonition-info admonition_xJq3 alert alert--info"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z"></path></svg></span>info</div><div class="admonitionContent_BuS1"><p>The default storage class is set to <code>encrypted-rwo</code> for performance reasons.
If you want integrity-protected storage, set the <code>storageClassName</code> parameter of your persistent volume claim to <code>integrity-encrypted-rwo</code>.</p><p>Alternatively, you can create your own storage class with integrity protection enabled by adding <code>csi.storage.k8s.io/fstype: ext4-integrity</code> to the class <code>parameters</code>.
To use another filesystem, specify its type with the <code>-integrity</code> suffix, e.g., <code>csi.storage.k8s.io/fstype: xfs-integrity</code>.</p><p>Note that volume expansion isn&#x27;t supported for integrity-protected disks.</p></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p>Azure comes with two storage classes by default.</p><ul>
<li class=""><code>encrypted-rwo</code>
<ul>
<li class="">Uses <a href="https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds" target="_blank" rel="noopener noreferrer" class="">Standard SSDs</a></li>
<li class="">ext4 filesystem</li>
<li class="">Encryption of all data written to disk</li>
</ul>
</li>
<li class=""><code>integrity-encrypted-rwo</code>
<ul>
<li class="">Uses <a href="https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#premium-ssds" target="_blank" rel="noopener noreferrer" class="">Premium SSDs</a></li>
<li class="">ext4 filesystem</li>
<li class="">Encryption of all data written to disk</li>
<li class="">Integrity protection of data written to disk</li>
</ul>
</li>
</ul><p>For more information on encryption algorithms and key sizes, refer to <a class="" href="/constellation/architecture/encrypted-storage#cryptographic-algorithms">cryptographic algorithms</a>.</p><div class="theme-admonition theme-admonition-info admonition_xJq3 alert alert--info"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z"></path></svg></span>info</div><div class="admonitionContent_BuS1"><p>The default storage class is set to <code>encrypted-rwo</code> for performance reasons.
If you want integrity-protected storage, set the <code>storageClassName</code> parameter of your persistent volume claim to <code>integrity-encrypted-rwo</code>.</p><p>Alternatively, you can create your own storage class with integrity protection enabled by adding <code>csi.storage.k8s.io/fstype: ext4-integrity</code> to the class <code>parameters</code>.
To use another filesystem, specify its type with the <code>-integrity</code> suffix, e.g., <code>csi.storage.k8s.io/fstype: xfs-integrity</code>.</p><p>Note that volume expansion isn&#x27;t supported for integrity-protected disks.</p></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p>GCP comes with two storage classes by default.</p><ul>
<li class=""><code>encrypted-rwo</code>
<ul>
<li class="">Uses <a href="https://cloud.google.com/compute/docs/disks#pdspecs" target="_blank" rel="noopener noreferrer" class="">standard persistent disks</a></li>
<li class="">ext4 filesystem</li>
<li class="">Encryption of all data written to disk</li>
</ul>
</li>
<li class=""><code>integrity-encrypted-rwo</code>
<ul>
<li class="">Uses <a href="https://cloud.google.com/compute/docs/disks#pdspecs" target="_blank" rel="noopener noreferrer" class="">performance (SSD) persistent disks</a></li>
<li class="">ext4 filesystem</li>
<li class="">Encryption of all data written to disk</li>
<li class="">Integrity protection of data written to disk</li>
</ul>
</li>
</ul><p>For more information on encryption algorithms and key sizes, refer to <a class="" href="/constellation/architecture/encrypted-storage#cryptographic-algorithms">cryptographic algorithms</a>.</p><div class="theme-admonition theme-admonition-info admonition_xJq3 alert alert--info"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z"></path></svg></span>info</div><div class="admonitionContent_BuS1"><p>The default storage class is set to <code>encrypted-rwo</code> for performance reasons.
If you want integrity-protected storage, set the <code>storageClassName</code> parameter of your persistent volume claim to <code>integrity-encrypted-rwo</code>.</p><p>Alternatively, you can create your own storage class with integrity protection enabled by adding <code>csi.storage.k8s.io/fstype: ext4-integrity</code> to the class <code>parameters</code>.
To use another filesystem, specify its type with the <code>-integrity</code> suffix, e.g., <code>csi.storage.k8s.io/fstype: xfs-integrity</code>.</p><p>Note that volume expansion isn&#x27;t supported for integrity-protected disks.</p></div></div></div><div role="tabpanel" class="tabItem_Ymn6" hidden=""><p>STACKIT comes with two storage classes by default.</p><ul>
<li class=""><code>encrypted-rwo</code>
<ul>
<li class="">Uses <a href="https://docs.stackit.cloud/stackit/en/service-plans-blockstorage-75137974.html" target="_blank" rel="noopener noreferrer" class="">disks of <code>storage_premium_perf1</code> type</a></li>
<li class="">ext4 filesystem</li>
<li class="">Encryption of all data written to disk</li>
</ul>
</li>
<li class=""><code>integrity-encrypted-rwo</code>
<ul>
<li class="">Uses <a href="https://docs.stackit.cloud/stackit/en/service-plans-blockstorage-75137974.html" target="_blank" rel="noopener noreferrer" class="">disks of <code>storage_premium_perf1</code> type</a></li>
<li class="">ext4 filesystem</li>
<li class="">Encryption of all data written to disk</li>
<li class="">Integrity protection of data written to disk</li>
</ul>
</li>
</ul><p>For more information on encryption algorithms and key sizes, refer to <a class="" href="/constellation/architecture/encrypted-storage#cryptographic-algorithms">cryptographic algorithms</a>.</p><div class="theme-admonition theme-admonition-info admonition_xJq3 alert alert--info"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z"></path></svg></span>info</div><div class="admonitionContent_BuS1"><p>The default storage class is set to <code>encrypted-rwo</code> for performance reasons.
If you want integrity-protected storage, set the <code>storageClassName</code> parameter of your persistent volume claim to <code>integrity-encrypted-rwo</code>.</p><p>Alternatively, you can create your own storage class with integrity protection enabled by adding <code>csi.storage.k8s.io/fstype: ext4-integrity</code> to the class <code>parameters</code>.
To use another filesystem, specify its type with the <code>-integrity</code> suffix, e.g., <code>csi.storage.k8s.io/fstype: xfs-integrity</code>.</p><p>Note that volume expansion isn&#x27;t supported for integrity-protected disks.</p></div></div></div></div></div>
<ol>
<li class="">
<p>Create a <a href="https://kubernetes.io/docs/concepts/storage/persistent-volumes/" target="_blank" rel="noopener noreferrer" class="">persistent volume claim</a></p>
<p>A <a href="https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims" target="_blank" rel="noopener noreferrer" class="">persistent volume claim</a> (PVC) is a request for storage with certain properties.
It can name a storage class via <code>storageClassName</code>; if the field is omitted, the cluster&#x27;s default storage class is used (see below).
The following creates a persistent volume claim, requesting 20 GiB (<code>20Gi</code>) of storage via the <code>encrypted-rwo</code> storage class:</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">cat &lt;&lt;EOF | kubectl apply -f -</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">kind: PersistentVolumeClaim</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">apiVersion: v1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">metadata:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> name: pvc-example</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> namespace: default</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">spec:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> accessModes:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> - ReadWriteOnce</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> storageClassName: encrypted-rwo</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> resources:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> requests:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> storage: 20Gi</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">EOF</span><br></span></code></pre></div></div>
</li>
<li class="">
<p>Create a Pod with persistent storage</p>
<p>You can assign a persistent volume claim to an application in need of persistent storage.
The mounted volume persists across Pod restarts. Note that the storage classes shown below use the <code>Delete</code> reclaim policy, so the backing volume is removed once the claim itself is deleted.
The following creates a pod that uses the previously created persistent volume claim. The <code>nginx</code> image reference is left unpinned for brevity; pin images by tag or digest outside of examples:</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">cat &lt;&lt;EOF | kubectl apply -f -</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">apiVersion: v1</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">kind: Pod</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">metadata:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> name: web-server</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> namespace: default</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">spec:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> containers:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> - name: web-server</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> image: nginx</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> volumeMounts:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> - mountPath: /var/lib/www/html</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> name: mypvc</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> volumes:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> - name: mypvc</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> 
persistentVolumeClaim:</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> claimName: pvc-example</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain"> readOnly: false</span><br></span><span class="token-line" style="color:#393A34"><span class="token plain">EOF</span><br></span></code></pre></div></div>
</li>
</ol>
<h3 class="anchor anchorTargetStickyNavbar_Vzrq" id="change-the-default-storage-class">Change the default storage class<a href="#change-the-default-storage-class" class="hash-link" aria-label="Direct link to Change the default storage class" title="Direct link to Change the default storage class" translate="no"></a></h3>
<p>The default storage class is used for all persistent volume claims that don&#x27;t explicitly set <code>storageClassName</code>.
Constellation creates a storage class with encryption enabled (<code>encrypted-rwo</code>) and sets it as the default, so claims that omit the field get encrypted storage without further configuration. Only classes backed by the Constellation CSI provisioner (<code>{your-csp}.csi.confidential.cloud</code>) provide the encryption and integrity protection described above.
In case you wish to change the default, follow the steps below:</p>
<ol>
<li class="">
<p>List the storage classes in your cluster:</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">kubectl get storageclass</span><br></span></code></pre></div></div>
<p>The output is similar to this:</p>
<div class="language-shell-session codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-shell-session codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token output">NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">encrypted-rwo (default) {your-csp}.csi.confidential.cloud Delete Immediate true 1d</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">integrity-encrypted-rwo {your-csp}.csi.confidential.cloud Delete Immediate false 1d</span><br></span></code></pre></div></div>
<p>The default storage class is marked by <code>(default)</code>.</p>
</li>
<li class="">
<p>Unmark the current default storage class</p>
<p>Only one storage class should carry the <code>storageclass.kubernetes.io/is-default-class</code> annotation at a time. Set it to <code>false</code> on the current default (<code>encrypted-rwo</code> in this example, or whichever class you previously marked as default):</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">kubectl patch storageclass encrypted-rwo -p &#x27;{&quot;metadata&quot;: {&quot;annotations&quot;:{&quot;storageclass.kubernetes.io/is-default-class&quot;:&quot;false&quot;}}}&#x27;</span><br></span></code></pre></div></div>
</li>
<li class="">
<p>Mark the new class as the default (here <code>integrity-encrypted-rwo</code>)</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">kubectl patch storageclass integrity-encrypted-rwo -p &#x27;{&quot;metadata&quot;: {&quot;annotations&quot;:{&quot;storageclass.kubernetes.io/is-default-class&quot;:&quot;true&quot;}}}&#x27;</span><br></span></code></pre></div></div>
</li>
<li class="">
<p>Verify that your chosen storage class is now the default:</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token plain">kubectl get storageclass</span><br></span></code></pre></div></div>
<p>The output is similar to this:</p>
<div class="language-shell-session codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#393A34;--prism-background-color:#f6f8fa"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-shell-session codeBlock_bY9V thin-scrollbar" style="color:#393A34;background-color:#f6f8fa"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#393A34"><span class="token output">NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">encrypted-rwo {your-csp}.csi.confidential.cloud Delete Immediate true 1d</span><br></span><span class="token-line" style="color:#393A34"><span class="token output">integrity-encrypted-rwo (default) {your-csp}.csi.confidential.cloud Delete Immediate false 1d</span><br></span></code></pre></div></div>
</li>
</body>
</html>