Deployments can not be encrypt by EncryptionConfig

7/3/2018

I want to enable data encryption in etcd.

I followed the step described in the documentation.

  1. Created config file as below:

    kind: EncryptionConfig  
    apiVersion: v1  
    resources:  
      - resources:      
        - secrets     
        - configmaps  
        - deployments  
        providers:  
        - aescbc:  
            keys:  
            - name: key1  
              secret: O804TNlPZ4PG+f5Ocbkg/VLfYW7bVxituFGCsAjWiQc=  
        - identity: {}  
  2. Set the encrypt config in kube-apiserver

    - experimental-encryption-provider-config=/etc/kubernetes/pki/apiserver-rest.key
  3. After restart kube-apiserver, create a configmap and deployment resource,

  4. Check data if is encrypt in etcd. configmap and secret resource is encrypt, but deployment is not encrypt. And for crd resources, is not encrypt also. enter image description here

Does encryptionconfig only support several kind resources, not all kind resource, I do not see any description about supported kind of resources in the kubernetes documentation.

-- zjzhangkui
kubernetes

0 Answers