检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
This section describes how to use the keys managed by Data Encryption Workshop (DEW) to encrypt EVS disks. Prerequisites You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster. An available key has been created in DEW.
Using KMS to Encrypt Secrets Huawei Cloud Data Encryption Workshop (DEW) provides secure, easy-to-use Key Management Service (KMS). With KMS keys, you can encrypt Kubernetes secrets stored in CCE to safeguard sensitive data for your applications.
Secret Encryption: You can encrypt Kubernetes secrets stored in CCE using envelope encryption with KMS keys. For details, see Using KMS to Encrypt Secrets.
For details, see Using KMS to Encrypt Secrets. NOTE: This function is being deployed. For details about the regions where this function is available, see the console.
Encryption Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured. Before using encryption, check whether the region where the EVS disk is located supports disk encryption.
This API uses AES-GCM to replace AES-CBC and uses DEK to encrypt data at rest (Kubernetes Secrets). No additional operation is required during this process. Additionally, data can be read through AES-GCM and AES-CBC. For details, see Using a KMS provider for data encryption.
This API uses AES-GCM to replace AES-CBC and uses DEK to encrypt data at rest (Kubernetes Secrets). No additional operation is required during this process. Additionally, data can be read through AES-GCM and AES-CBC. For details, see Using a KMS provider for data encryption.
Encrypt sensitive information before creating a secret and decrypt the information when using it. Using a Bound ServiceAccount Token to Access a Cluster The secret-based ServiceAccount token does not support expiration time or auto update.
Encryption Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured. Enterprise Project This parameter is available only for enterprise accounts with enterprise projects enabled.
Encryption Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured. Before using encryption, check whether the region where the EVS disk is located supports disk encryption.
Encryption Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured. Enterprise Project This parameter is available only for enterprise accounts with enterprise projects enabled.
Buying a Cluster Comparison Between Cluster Types Buying a CCE Standard/Turbo Cluster Using Edge Cloud Resources in a Remote CCE Turbo Cluster Using KMS to Encrypt Secrets Comparing iptables and IPVS Parent Topic: Clusters
If you use YAML to create a secret, you need to manually encrypt its value using Base64. # echo -n "Content to be encoded" | base64 Check Item 8: Whether the Container Startup Command Is Correctly Configured The error messages are as follows: Solution Click the workload name to go