kops Etcd Volume Encryption

By | June 4, 2018

Etcd Volume Encryption
You must configure etcd volume encryption before bringing up your cluster. You cannot add etcd volume encryption to an already running cluster.

Encrypting Etcd Volumes Using the Default AWS KMS Key
Edit your cluster to add encryptedVolume: true to each etcd volume:

kops edit cluster ${CLUSTER_NAME}


etcdClusters:
- etcdMembers:
  - instanceGroup: master-us-east-1a
    name: a
    encryptedVolume: true
  name: main
- etcdMembers:
  - instanceGroup: master-us-east-1a
    name: a
    encryptedVolume: true
  name: events

Update your cluster:

kops update cluster ${CLUSTER_NAME}
# Review changes before applying
kops update cluster ${CLUSTER_NAME} --yes

Encrypting Etcd Volumes Using a Custom AWS KMS Key
Edit your cluster to add encryptedVolume: true to each etcd volume and set kmsKeyId to your custom AWS KMS key:

kops edit cluster ${CLUSTER_NAME}


etcdClusters:
- etcdMembers:
  - instanceGroup: master-us-east-1a
    name: a
    encryptedVolume: true
    kmsKeyId:
  name: main
- etcdMembers:
  - instanceGroup: master-us-east-1a
    name: a
    encryptedVolume: true
    kmsKeyId:
  name: events

Update your cluster:

kops update cluster ${CLUSTER_NAME}
# Review changes before applying
kops update cluster ${CLUSTER_NAME} --yes
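
Because encryption cannot be added once the cluster is running, it is worth checking the edited spec before the final update. The script below is an added example, not part of the kops documentation: it reads the output of kops get cluster ${CLUSTER_NAME} -o json and reports every etcd member that lacks encryptedVolume: true or, optionally, a kmsKeyId. The file name cluster.json, the --require-kms-key switch and the sample data are assumptions made for the example.

```python
import json
import sys


def unencrypted_etcd_members(cluster, require_kms_key=False):
    """Return (etcd cluster, member, reason) tuples for etcd members whose
    volumes would not be created with the expected encryption settings."""
    findings = []
    for etcd in cluster.get("spec", {}).get("etcdClusters") or []:
        for member in etcd.get("etcdMembers") or []:
            where = (etcd.get("name", "?"), member.get("name", "?"))
            if member.get("encryptedVolume") is not True:
                findings.append(where + ("encryptedVolume is not true",))
            elif require_kms_key and not member.get("kmsKeyId"):
                findings.append(where + ("kmsKeyId not set, default AWS KMS key applies",))
    return findings


# Constructed sample spec (not from a real cluster); the key ARN is a placeholder.
KEY = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER"
SAMPLE = {"spec": {"etcdClusters": [
    {"name": "main", "etcdMembers": [
        {"instanceGroup": "master-us-east-1a", "name": "a",
         "encryptedVolume": True, "kmsKeyId": KEY},
        {"instanceGroup": "master-us-east-1b", "name": "b",
         "encryptedVolume": True},
    ]},
    {"name": "events", "etcdMembers": [
        {"instanceGroup": "master-us-east-1a", "name": "a"},
    ]},
]}}

if __name__ == "__main__":
    # Usage: python check_etcd_encryption.py [cluster.json] [--require-kms-key]
    args = [a for a in sys.argv[1:] if a != "--require-kms-key"]
    if args:
        with open(args[0]) as fh:
            cluster = json.load(fh)
    else:
        cluster = SAMPLE
    problems = unencrypted_etcd_members(cluster, "--require-kms-key" in sys.argv)
    for etcd_name, member_name, reason in problems:
        print(f"etcd cluster {etcd_name!r}, member {member_name!r}: {reason}")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means at least one etcd volume would be created without the intended encryption, so the check can gate the --yes step in a provisioning script.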

Source: https://github.com/kubernetes/kops/blob/master/docs/etcd_volume_encryption.md
