Kubernetes Prow Robot
GitHub
commit
885e455748
|
|
@ -492,7 +492,7 @@ your backups using a well reviewed backup and encryption solution, and consider
|
|||
encryption where possible.
|
||||
|
||||
Kubernetes supports [encryption at rest](/docs/tasks/administer-cluster/encrypt-data/), a feature
|
||||
introduced in 1.7, and beta since 1.13. This will encrypt `Secret` resources in etcd, preventing
|
||||
introduced in 1.7, v1 beta since 1.13, and v2 alpha since 1.25. This will encrypt resources like `Secret` and `ConfigMap` in etcd, preventing
|
||||
parties that gain access to your etcd backups from viewing the content of those secrets. While
|
||||
this feature is currently beta, it offers an additional level of defense when backups
|
||||
are not encrypted or an attacker gains read access to etcd.
|
||||
|
|
@ -505,8 +505,8 @@ are not encrypted or an attacker gains read access to etcd.
|
|||
并考虑在可能的情况下使用全盘加密。
|
||||
|
||||
Kubernetes 支持[静态数据加密](/zh-cn/docs/tasks/administer-cluster/encrypt-data/)。
|
||||
该功能在 1.7 版本引入,并在 1.13 版本成为 Beta。
|
||||
它会加密 etcd 里面的 `Secret` 资源,以防止某一方通过查看 etcd 的备份文件查看到这些
|
||||
该功能在 1.7 版引入,在 1.13 版成为 v1 Beta,在 1.25 版成为 v2 Alpha。
|
||||
它会加密 etcd 里面的 `Secret` 和 `ConfigMap` 资源,以防止某一方通过查看 etcd 的备份文件查看到这些
|
||||
Secret 的内容。虽然目前该功能还只是 Beta 阶段,
|
||||
在备份未被加密或者攻击者获取到 etcd 的读访问权限时,它仍能提供额外的防御层级。
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue