If automatic key rotation is used, your existing secrets will still be encrypted with the existing key, but any new secrets will be encrypted with the new key. In this way, new data can be encrypted using the latest key, and old data can still be decrypted.
Figure 1: Encrypted storage volume
Click Create. Go to the PVCs tab and check whether the PVC of the encrypted EVS disk is created and whether the disk is encrypted.
Figure 2: Encrypted PVC
The method of using an encrypted PVC is the same as that of using a regular PVC.
Using kubectl to Automatically Create an OBS Volume Encrypted with SSE-KMS
Use kubectl to access the cluster. Create the pvc-obs-auto.yaml file.
Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted. Constraints on LVM: The default backup configuration that is stored in the /etc/lvm/lvm.conf path for the node LVM has been changed.
If the EVS disk is encrypted, the key must be available. If your account has enterprise projects enabled, you can only select the EVS disks in the enterprise project that the cluster belongs to, or in the default enterprise project.
Mandatory for an encrypted disk.
AK/SK authentication: Requests are encrypted using an AK/SK. AK/SK-based authentication is recommended because it is more secure than token-based authentication.
Token-based Authentication
The validity period of a token is 24 hours.
The difference is that the secrets are encrypted, so they are suitable for storing sensitive information.
Base64 Encoding
A secret stores data in key-value pairs, the same form as that of a ConfigMap.
If the DSS disk is encrypted, the key must be available. If your account has enterprise projects enabled, you can only select the disks in the enterprise project that the cluster belongs to, or in the default enterprise project.
The secrets created by users will be encrypted and stored in etcd of the CCE cluster. Secrets can be used in two modes: environment variable and file mounting. No matter which mode is used, CCE still transfers the configured data to users.
Not encrypted is selected by default. If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
You can use TLS to forward encrypted TCP requests from clients for a Service. Service TLS relies on ELB. Before enabling TLS on a Service, check whether TLS is supported in the current region.
{"error":{"message":"encrypted key id [***] is invalid.","code":"Ecs.0912"}} The possible causes are as follows: The KMS key ID entered during node pool creation does not exist.
Domain name to be issued: *.monitoring.svc.
serverCert | Yes | String | Specifies a server certificate, which is Base64-encoded. This parameter is optional during installation.
Not encrypted is selected by default. After setting Data Disk Encryption to Enabled, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
The value of the secret is automatically Base64-encoded.