Kubernetes EncryptionConfig Custom Resource Definition

2/27/2019

My goal is to encrypt a CRD using an EncryptionConfig.

My initial EncryptionConfig, only for secrets, works.

kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
    - secrets
    providers:
    - aescbc:
        keys:
        - name: key1
          secret: N/A
    - identity: {}

Checking the etcd db directly I can confirm that secrets are now encrypted.

I now want to extend this config to encrypt CRDs. My assumption is that adding the CRD to the list of resources in some way would enable the encryption of the CRDs.

I have tried a number of different permutations of the resources array with no luck.

resources:
  - resources:
    - secrets
    - apiextensions.k8s.io/customresourcedefinitions/mycrd


resources:
  - resources:
    - secrets
    - customresourcedefinitions

None of these work. Is it possible to encrypt CRDs with the EncryptionConfig? If it is, what is the correct way to do it?

-- Sam Marland
encryption
etcd
kubernetes
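
One way to script the direct etcd check the question describes, as an added example that is not part of the original post: the API server prefixes each value written through an encryption provider with `k8s:enc:<provider>:v1:<key name>:`, so a raw value can be classified without decrypting it. The etcd keys, the `example.com` group and the sample values are constructed for illustration, and `classify` and `audit` are hypothetical helper names.

```python
import re

# Prefix written in front of a value stored through an encryption provider:
#   k8s:enc:<provider>:<version>:<key or plugin name>:<ciphertext>
ENC_PREFIX = re.compile(rb"^k8s:enc:([a-z0-9]+):(v\d+):([^:]+):")
PROTO_MAGIC = b"k8s\x00"  # unencrypted protobuf storage (built-in types)


def classify(value: bytes) -> dict:
    """Classify one raw etcd value by its leading bytes."""
    m = ENC_PREFIX.match(value)
    if m:
        provider, version, key = (g.decode() for g in m.groups())
        return {"encrypted": True, "provider": provider,
                "version": version, "key": key}
    if value.startswith(PROTO_MAGIC):
        return {"encrypted": False, "format": "protobuf"}
    if value.lstrip().startswith(b"{"):
        # Custom resources are stored as JSON when no provider applies.
        return {"encrypted": False, "format": "json"}
    return {"encrypted": False, "format": "unrecognized"}


def audit(dump: dict, expected_key: str = "key1") -> list:
    """Return (etcd key, reason) for every value not encrypted under expected_key."""
    findings = []
    for etcd_key, value in sorted(dump.items()):
        c = classify(value)
        if not c["encrypted"]:
            findings.append((etcd_key, "plaintext " + c["format"]))
        elif c["key"] != expected_key:
            findings.append((etcd_key, "encrypted with " + c["key"]))
    return findings


# Constructed sample: raw values keyed by etcd path (not real cluster data).
SAMPLE = {
    "/registry/secrets/default/db-pass":
        b"k8s:enc:aescbc:v1:key1:" + bytes(range(32)),
    "/registry/secrets/default/old": b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret",
    "/registry/example.com/mycrds/default/demo":
        b'{"apiVersion":"example.com/v1","kind":"MyCrd"}',
}

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{path}: {reason}")
```
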

0 Answers