Hi @billhill the flags in values.yaml such as verifySsl are for control plane access to VMS. And the terminology is dated… the HTTPS connection is being secured by TLS not deprecated SSL.
For our block (NVMe o TCP) CSI Driver, there is support for dynamic host-based encryption that leverages LUKS.
But for securing NFSv4, we don’t have anything in the driver to dynamically take care of setting up a tunnel. VAST does support running NFSv4 over encryption, which is detailed in the kb doc @ram shared. There are steps required on the host that are not taken care of dynamically by the CSI driver, however the CSI driver does support mountOptions (per storageClass) to accomodate any of the options mentioned in that kb article. And the storageClass is also where you would define a view policy that has the appropriate options set for using NFSv4 with encryption. As for the view created for your PV/PVC, it’ll automatically get created with NFSv4 enabled when you include vers=4.1(or 4.2) in your mountOptions.
Hopefully this helps.