Encrypting Secret Data Stored in ETCD Database.

[Figure: ETCD encryption, Kubernetes data store flow.]
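  1. Create an encryption key.

    head -c 32 /dev/urandom | base64

  2. Create the encryption configuration file (ec.yaml), using the key from step 1 as the secret.

    apiVersion: apiserver.config.k8s.io/v1
    kind: EncryptionConfiguration
    resources:
      - resources:
          - secrets
        providers:
          - aescbc:
              keys:
                - name: key1
                  secret: <BASE 64 ENCODED SECRET>
          - identity: {}

  3. Place the file under /etc/kubernetes/etcd.

  • mkdir /etc/kubernetes/etcd
  • cp ec.yaml /etc/kubernetes/etcd/ec.yaml

  4. Add the following flag to the kube-apiserver:

    --encryption-provider-config=/etc/kubernetes/etcd/ec.yaml

  5. Create a secret and read it back directly from etcd.

    $ kubectl create secret generic test-secret -n default --from-literal=user=admin
    $ ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
        --cert /etc/kubernetes/pki/apiserver-etcd-client.crt \
        --key /etc/kubernetes/pki/apiserver-etcd-client.key \
        --cacert /etc/kubernetes/pki/etcd/ca.crt \
        get /registry/secrets/default/test-secret

If encryption is active, the value returned starts with k8s:enc:aescbc:v1:key1: followed by ciphertext rather than readable secret data.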
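One way to script the check in the last step, as an added example that is not part of the original post: classify_etcd_value reads a raw etcd value and reports whether it carries an encryption prefix, and key_len confirms the configured key decodes to a length aescbc accepts. The function names and the sample byte strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# Read a raw etcd value on stdin and print how it is stored:
#   encrypted:<provider>:<key name>  value starts with k8s:enc:<provider>:v<N>:<key name>:
#   plaintext                        value starts with the unencrypted "k8s" protobuf magic
#   unknown                          anything else
# The body runs in a subshell so LC_ALL and the variables stay local.
classify_etcd_value() (
    export LC_ALL=C
    # Only the leading bytes matter; NULs are dropped so the shell can hold them.
    prefix=$(head -c 64 | tr -d '\000')
    case "$prefix" in
        k8s:enc:*:v[0-9]*:*:*)
            rest=${prefix#k8s:enc:}      # provider:vN:key:ciphertext
            provider=${rest%%:*}
            rest=${rest#*:}              # vN:key:ciphertext
            rest=${rest#*:}              # key:ciphertext
            printf 'encrypted:%s:%s\n' "$provider" "${rest%%:*}" ;;
        k8s:enc:*) echo unknown ;;
        k8s*)      echo plaintext ;;
        *)         echo unknown ;;
    esac
)

# Decoded byte length of a base64 key; aescbc accepts 16, 24 or 32 bytes.
key_len() {
    printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Constructed samples (not real cluster data): storage prefix plus filler bytes.
sample_encrypted() { printf 'k8s:enc:aescbc:v1:key1:\237\001\302:\377filler'; }
sample_plaintext() { printf 'k8s\000\n\014\n\002v1\022\006Secret\022\005admin'; }

sample_encrypted | classify_etcd_value
sample_plaintext | classify_etcd_value

# Against a live cluster, pipe the value in (etcdctl flags as in step 5):
#   ETCDCTL_API=3 etcdctl ... get /registry/secrets/default/test-secret \
#       --print-value-only | classify_etcd_value
```

Secrets created before the flag was set stay in plaintext until they are rewritten; the identity provider listed second is what lets the API server keep reading them.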


Stay hungry; Stay Foolish!!

Khemnath chauhan
