K
Q

Deployments can not be encrypt by EncryptionConfig

7/3/2018

I want to enable data encryption in etcd.

I followed the step described in the documentation.

  1. Created config file as below:

    kind: EncryptionConfig  
apiVersion: v1  
resources:  
  - resources:      
    - secrets     
    - configmaps  
    - deployments  
    providers:  
    - aescbc:  
        keys:  
        - name: key1  
          secret: O804TNlPZ4PG+f5Ocbkg/VLfYW7bVxituFGCsAjWiQc=  
    - identity: {}

  2. Set the encrypt config in kube-apiserver

    - experimental-encryption-provider-config=/etc/kubernetes/pki/apiserver-rest.key

  3. After restart kube-apiserver, create a configmap and deployment resource,

  4. Check data if is encrypt in etcd. configmap and secret resource is encrypt, but deployment is not encrypt. And for crd resources, is not encrypt also. enter image description here

Does encryptionconfig only support several kind resources, not all kind resource, I do not see any description about supported kind of resources in the kubernetes documentation.

-- zjzhangkui
kubernetes

Similar Questions

Kubernetes the hard way - How to set node unschedulable
Using envoy without pods (in on pres solution)
kubernetes cluster mode, what is ingress url?
Pod presets not working on minikube
How to get an access to the disk device in a pod?
How to solve AzureFile mount error(22): Invalid argument inside container?
MongoDB replicaset loses database when updating primary replica (Kubernetes + Bitnami Helm Chart)

0 Answers