I want to enable data encryption in etcd.
I followed the steps described in the documentation.
I created a config file as below:
```yaml
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
    - secrets
    - configmaps
    - deployments
    providers:
    - aescbc:
        keys:
        - name: key1
          secret: O804TNlPZ4PG+f5Ocbkg/VLfYW7bVxituFGCsAjWiQc=
    - identity: {}
```
I set the encryption config in kube-apiserver:
```
--experimental-encryption-provider-config=/etc/kubernetes/pki/apiserver-rest.key
```
After restarting kube-apiserver, I created a configmap and a deployment resource, then checked whether the data is encrypted in etcd. The configmap and secret resources are encrypted, but the deployment is not. CRD resources are not encrypted either.
Does EncryptionConfig only support several kinds of resources rather than all kinds? I do not see any description of the supported kinds of resources in the Kubernetes documentation.
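The check described in the question (is a stored value encrypted or not) can be automated per resource. The following is an added example, not part of the original post: it relies on the `k8s:enc:<provider>:v1:<key name>:` prefix that kube-apiserver puts in front of values written through an encryption provider, and the etcd keys and values in `SAMPLE` are constructed, with the `example.com/widgets` custom resource being hypothetical.

```python
import re
from collections import defaultdict

# Values written through an encryption provider start with the envelope
# prefix k8s:enc:<provider>:v1:<key name>: followed by the ciphertext.
# Values written by the identity provider have no such prefix.
ENVELOPE = re.compile(rb"^k8s:enc:([a-z0-9]+):v1:([^:]+):")

def classify(value: bytes):
    """Return (provider, key_name) for an enveloped value, else None."""
    m = ENVELOPE.match(value)
    return (m.group(1).decode(), m.group(2).decode()) if m else None

def resource_of(etcd_key: str, prefix: str = "/registry/") -> str:
    """First path segment after the prefix: 'secrets' for
    /registry/secrets/ns/name (the API group for custom resources)."""
    return etcd_key[len(prefix):].split("/", 1)[0]

def audit(entries):
    """Map resource -> counts of encrypted/plaintext values and key names seen."""
    report = defaultdict(lambda: {"encrypted": 0, "plaintext": 0, "keys": set()})
    for key, value in entries:
        row = report[resource_of(key)]
        hit = classify(value)
        if hit:
            row["encrypted"] += 1
            row["keys"].add(hit[1])
        else:
            row["plaintext"] += 1
    return dict(report)

# Constructed sample data (not taken from a real cluster); it mirrors the
# outcome reported in the question.
SAMPLE = [
    ("/registry/secrets/default/db-pass", b"k8s:enc:aescbc:v1:key1:\x8f\x02\xa1"),
    ("/registry/configmaps/default/app-cfg", b"k8s:enc:aescbc:v1:key1:\x11\x9c"),
    ("/registry/deployments/default/web", b"k8s\x00\n\x15\n\x07apps/v1\x12\nDeployment"),
    ("/registry/example.com/widgets/default/w1", b'{"apiVersion":"example.com/v1"}'),
]

if __name__ == "__main__":
    for resource, row in sorted(audit(SAMPLE).items()):
        state = "encrypted" if row["plaintext"] == 0 else "NOT fully encrypted"
        print(f"{resource:14} {state:20} keys={sorted(row['keys'])}")
```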