检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Figure 2 Encrypted PVC The method of using an encrypted PVC is the same as that of using a regular PVC. Automatically Creating an Encrypted EVS Disk Using kubectl Use kubectl to access the cluster. Create the pvc-evs-auto.yaml file.
If automatic key rotation is used, your existing secrets will still be encrypted with the previous key, but any new secrets will be encrypted with the updated key.
Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted. Constraints on LVM: The default backup configuration that is stored in the /etc/lvm/lvm.conf path for the node LVM has been changed.
If the EVS disk is encrypted, the key must be available. If your account has enterprise projects enabled, you can only select the EVS disks in the enterprise project that the cluster belongs to, or in the default enterprise project.
Mandatory for an encrypted disk.
AK/SK authentication: Requests are encrypted using an AK/SK. AK/SK-based authentication is recommended because it is more secure than token-based authentication. Token-based Authentication The validity period of a token is 24 hours.
The difference is that the secrets are encrypted, so they are suitable for storing sensitive information. Base64 Encoding A secret stores data in key-value pairs, the same form as that of a ConfigMap.
Snapshot data of encrypted disks is stored encrypted, and that of non-encrypted disks is stored non-encrypted.
If the DSS disk is encrypted, the key must be available. If your account has enterprise projects enabled, you can only select the disks in the enterprise project that the cluster belongs to, or in the default enterprise project.
Mandatory for an encrypted disk.
The secrets created by users will be encrypted and stored in etcd of the CCE cluster. Secrets can be used in two modes: environment variable and file mounting. No matter which mode is used, CCE still transfers the configured data to users.
Mandatory for an encrypted disk.
Not encrypted is selected by default. If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
Not encrypted is selected by default. If you select Enabled (key) for Data Disk Encryption, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
You can use TLS to forward encrypted TCP requests from clients for a Service. Service TLS relies on ELB. Before enabling TLS on a Service, check whether TLS is supported in the current region.
{"error":{"message":"encrypted key id [***] is invalid.","code":"Ecs.0912"}} The possible causes are as follows: The KMS key ID entered during node pool creation does not exist.
The values of tls.crt and tls.key are the content encrypted using Base64. Parent Topic: Network Exception Troubleshooting
Domain name to be issued: *.monitoring.svc. serverCert Yes String Specifies a server certificate, which is encrypted using Base64. This parameter is optional during installation.
Not encrypted is selected by default. After setting Data Disk Encryption to Enabled, choose an existing key. If no key is available, click View Key List and create a key. After the key is created, click the refresh icon next to the text box.
The value of the secret is automatically encrypted using Base64.
