Search_HUAWEI CLOUD

Encrypting EVS Disks - Cloud Container Engine

This section describes how to use the keys managed by Data Encryption Workshop (DEW) to encrypt EVS disks. Prerequisites You have created a cluster and installed the CCE Container Storage (Everest) add-on in the cluster. An available key has been created in DEW.

Help > Cloud Container Engine > User Guide > Storage > Elastic Volume Service
Using an SFS File System Through a Dynamic PV - Cloud Container Engine

Encryption Configure whether to encrypt underlying storage if the storage class is csi-nas. If you select Enabled (key), an encryption key must be configured. Click Create to create a PVC and a PV.

Help > Cloud Container Engine > User Guide > Storage > Scalable File Service
Using an EVS Disk Through a Dynamic PV - Cloud Container Engine

Encryption Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured. Before using encryption, check whether the region where the EVS disk is located supports disk encryption.

Help > Cloud Container Engine > User Guide > Storage > Elastic Volume Service
Kubernetes 1.25 Release Notes - Cloud Container Engine

This API uses AES-GCM to replace AES-CBC and uses DEK to encrypt data at rest (Kubernetes Secrets). No additional operation is required during this process. Additionally, data can be read through AES-GCM and AES-CBC. For details, see Using a KMS provider for data encryption.

Help > Cloud Container Engine > Product Bulletin > Product Release Notes > Cluster Versions > Kubernetes Version Release Notes
Kubernetes 1.25 Release Notes - Cloud Container Engine

This API uses AES-GCM to replace AES-CBC and uses DEK to encrypt data at rest (Kubernetes Secrets). No additional operation is required during this process. Additionally, data can be read through AES-GCM and AES-CBC. For details, see Using a KMS provider for data encryption.

Help > Cloud Container Engine > User Guide > Clusters > Cluster Version Release Notes > Kubernetes Version Release Notes
Configuration Suggestions on CCE Secret Security - Cloud Container Engine

Encrypt sensitive information before creating a secret and decrypt the information when using it. Using a Bound ServiceAccount Token to Access a Cluster The secret-based ServiceAccount token does not support expiration time or auto update.

Help > Cloud Container Engine > Best Practices > Security
Using DSS Through a Dynamic PV - Cloud Container Engine

Encryption Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured.

Help > Cloud Container Engine > User Guide > Storage > DSS
Dynamically Mounting an EVS Disk to a StatefulSet - Cloud Container Engine

Encryption Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured. Before using encryption, check whether the region where the EVS disk is located supports disk encryption.

Help > Cloud Container Engine > User Guide > Storage > Elastic Volume Service
Dynamically Mounting a DSS Disk to a StatefulSet - Cloud Container Engine

Encryption Configure whether to encrypt underlying storage. If you select Enabled (key), an encryption key must be configured.

Help > Cloud Container Engine > User Guide > Storage > DSS
What Should I Do If Container Startup Fails? - Cloud Container Engine

If you use YAML to create a secret, you need to manually encrypt its value using Base64. # echo -n "Content to be encoded" | base64 Check Item 8: Whether the Container Startup Command Is Correctly Configured The error messages are as follows: Solution Click the workload name to go

Help > Cloud Container Engine > FAQs > Workload > Workload Exception Troubleshooting

Total results: 10

Was this helpful?

Feedbacks

/200

Submit Feedback Cancel