K
Q

Encrypt the elasticsearch data in k8s

5/15/2020

I have installed the elastic search image in k8s on a PV which is created using ceph-rook DFS. When installing the ceph-rook the encryption mode was enabled

#pvc for elasitc search pod
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: core-pv-claim
  namespace: test
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: rook-cephfs


#volume mount for elastic search pod

 volumeMounts:
        - name: persistent-storage
          mountPath: /usr/local/elastic/data
      volumes:
      - name: persistent-storage
        persistentVolumeClaim:
          claimName: core-pv-claim

The pod got deployed successfully and the data is being saved in "/usr/local/elastic/data" When i logged into the pod and changed the path i could see the date in rest in the "/usr/local/elastic/data" without any encryption

#kubectl exec -it elastic-pod12 bash 
#ls /usr/local/elastic/data
#your data

Is there a way to encrypt this data as well, or restrict the user from accessing the same using via kubectl

-- KKF
elasticsearch
kubectl
kubernetes

Similar Questions

Is haproxy ingress controller support tls client authentication for tcp mode backend?
Kubernetes client -CertificateException insufficient data
Kubernetes "RETAIN" PVs are not getting auto mounted on restart
Getting ETCD Metrics from etcdctl

0 Answers