EncryptionConfiguration (/etc/kubernetes/encryption-config.yaml):

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources: ["secrets"]
    providers:
      - kms:
          name: local-kms
          endpoint: unix:///var/run/kms-plugin/socket.sock
          cachesize: 100
          timeout: 3s
      - aescbc:
          keys:
            - name: key1
              secret: wK7Yy0o1RZ9mVQ3V9N4qkQyWn2rH6lV8wK7Yy0o1RZ8=
      - identity: {}

Startup flag (kube-apiserver):

--encryption-provider-config=/etc/kubernetes/encryption-config.yaml

Verification (create and read a Secret):

kubectl create secret generic demo --from-literal=token=secret123
kubectl get secret demo -o yaml
# The Secret is stored encrypted in etcd (to confirm this, inspect the raw value in etcd directly)
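The verification step above only confirms that the API server still decrypts the Secret; whether etcd actually holds ciphertext is visible only in the raw stored value. Added example (not from the original page): a small Python audit that classifies a raw etcd value by its `k8s:enc:<provider>:v1:<key name>:` header, and checks the provider list from the configuration above for the two common misconfigurations (identity listed first, aescbc key of the wrong length). The etcd byte strings are constructed samples, not captured data.

```python
import base64

ENC_PREFIX = b"k8s:enc:"

def classify_stored_value(raw: bytes) -> dict:
    """Classify a raw etcd value written by kube-apiserver.

    Encrypted values carry the header k8s:enc:<provider>:v1:<key name>:<ciphertext>;
    anything else (protobuf 'k8s\\x00...' or JSON) was written by the identity
    provider, i.e. it sits in etcd as plaintext.
    """
    if not raw.startswith(ENC_PREFIX):
        return {"encrypted": False, "provider": "identity", "key": None}
    parts = raw[len(ENC_PREFIX):].split(b":", 3)
    if len(parts) < 4 or parts[1] != b"v1":
        raise ValueError("malformed k8s:enc header")
    return {"encrypted": True, "provider": parts[0].decode(), "key": parts[2].decode()}

def check_aescbc_key(secret_b64: str) -> int:
    """Return the decoded key length; aescbc accepts only 16, 24 or 32 bytes."""
    key = base64.b64decode(secret_b64, validate=True)
    if len(key) not in (16, 24, 32):
        raise ValueError(f"aescbc key must be 16/24/32 bytes, got {len(key)}")
    return len(key)

def audit_providers(providers: list) -> list:
    """The first provider is used for writes, so 'identity' first means every
    new Secret lands in etcd unencrypted. Also validates every aescbc key."""
    findings = []
    if next(iter(providers[0])) == "identity":
        findings.append("identity is the first provider: writes are plaintext")
    for p in providers:
        for k in p.get("aescbc", {}).get("keys", []):
            check_aescbc_key(k["secret"])
    return findings

# Provider list exactly as in the page's encryption-config.yaml
PAGE_PROVIDERS = [
    {"kms": {"name": "local-kms", "endpoint": "unix:///var/run/kms-plugin/socket.sock",
             "cachesize": 100, "timeout": "3s"}},
    {"aescbc": {"keys": [{"name": "key1",
                          "secret": "wK7Yy0o1RZ9mVQ3V9N4qkQyWn2rH6lV8wK7Yy0o1RZ8="}]}},
    {"identity": {}},
]

# Constructed sample etcd values (ciphertext bytes are placeholders)
SAMPLE_KMS = b"k8s:enc:kms:v1:local-kms:\x0a\x12ciphertext-placeholder"
SAMPLE_AESCBC = b"k8s:enc:aescbc:v1:key1:\x8f\x12ciphertext-placeholder"
SAMPLE_PLAIN = b"k8s\x00\x0a\x0c\x0a\x02v1\x12\x06Secret"

if __name__ == "__main__":
    for label, raw in [("kms", SAMPLE_KMS), ("aescbc", SAMPLE_AESCBC), ("plain", SAMPLE_PLAIN)]:
        print(label, classify_stored_value(raw))
    print("config findings:", audit_providers(PAGE_PROVIDERS))
```

In a real check, feed `classify_stored_value` the output of `etcdctl get /registry/secrets/default/demo` read as raw bytes; a result of `encrypted: False` on an existing Secret means it was written before encryption was enabled and needs to be rewritten to pick up the new provider.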
