How to enable Application layer secrets encryption in GKE cluster with terraform?

12/22/2019

I am creating a GKE cluster with a Terraform script. I need to use Application layer secrets encryption in the cluster, and I am not getting a block for this in Terraform's official documentation. Can anyone please tell me how to enable Application layer secrets encryption in a Terraform script?

-- Yash Saini
google-cloud-platform
google-kubernetes-engine
terraform
terraform-provider-gcp
terraform-provider-openstack

2 Answers

1/17/2020

I used this one:

  database_encryption {
    state    = "ENCRYPTED"
    key_name = google_kms_crypto_key.encryption-kms-key.self_link
  }

And this depends_on to use the KMS keyring created with Terraform.

  depends_on = [
    google_kms_key_ring.keyring
  ]

Ref: https://www.terraform.io/docs/providers/google/d/google_kms_crypto_key.html

-- user2577098
Source: StackOverflow

1/16/2020

To enable it you need to set database_encryption of the google_container_cluster resource:

https://www.terraform.io/docs/providers/google/r/container_cluster.html#database_encryption

-- Victor Godoy
Source: StackOverflow
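
A complete configuration around the `database_encryption` block from the answers above, as an added example that is not part of either answer. The project variable, region, and resource names are placeholders, and it uses the key's `id` rather than `self_link`, assuming a recent google provider. It also grants the GKE service agent access to the key, which the cluster needs before it can encrypt Secrets.

```hcl
# Added example: names, region and variable values are placeholders.
variable "project_id" { type = string }
variable "region" {
  type    = string
  default = "us-central1"
}

# Looked up to build the GKE service agent's e-mail address from the project number.
data "google_project" "this" {
  project_id = var.project_id
}

resource "google_kms_key_ring" "keyring" {
  project  = var.project_id
  name     = "gke-secrets-keyring"
  location = var.region # the key must live in the same location as the cluster
}

resource "google_kms_crypto_key" "gke_secrets" {
  name            = "gke-secrets-key"
  key_ring        = google_kms_key_ring.keyring.id
  rotation_period = "7776000s" # 90 days

  lifecycle {
    prevent_destroy = true # losing the key makes existing Secrets unreadable
  }
}

# The GKE service agent must be able to encrypt and decrypt with the key.
# Scope the grant to this one key rather than the whole project.
resource "google_kms_crypto_key_iam_member" "gke_agent" {
  crypto_key_id = google_kms_crypto_key.gke_secrets.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.this.number}@container-engine-robot.iam.gserviceaccount.com"
}

resource "google_container_cluster" "primary" {
  project            = var.project_id
  name               = "example-cluster"
  location           = var.region
  initial_node_count = 1

  database_encryption {
    state    = "ENCRYPTED"
    key_name = google_kms_crypto_key.gke_secrets.id
  }

  # Create the cluster only after the IAM grant exists.
  depends_on = [google_kms_crypto_key_iam_member.gke_agent]
}
```

After `terraform apply`, `gcloud container clusters describe example-cluster --region us-central1 --format 'value(databaseEncryption)'` should report the `ENCRYPTED` state and the key name.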