Creating a Kubernetes Cluster with Encrypted Secrets
Create a Kubernetes cluster with encrypted secrets in the etcd key-value store using the OCI Console, CLI, and API interfaces.
Note: These instructions assume you have already followed the steps in Encrypting Kubernetes Secrets at Rest in Etcd and created:
- a dynamic group including all clusters in the compartment
- a suitable policy to give the dynamic group access to the master encryption key in Vault
- Open the navigation menu and click Developer Services. Under Containers & Artifacts, click Kubernetes Clusters (OKE).
- Under List Scope, in the Compartment list, choose the compartment where you want to create a Kubernetes cluster that has Kubernetes secrets encrypted with a Vault service master encryption key.
- Click Create Cluster, follow the instructions under Using the Console to create a Cluster with Explicitly Defined Settings in the 'Custom Create' workflow in Creating Kubernetes Clusters Using Console Workflows, and select the Encrypt Using Customer-Managed Keys option.
Open a command prompt and run oci ce cluster create to create a cluster where Kubernetes secrets at rest in the etcd data store are encrypted with a Vault service master encryption key:

oci ce cluster create --name <cluster_name> --compartment-id <target_compartment_id> --vcn-id <target_vcn_id> --kubernetes-version <kubernetes_version> --kms-key-id <target_key_id>
For example:
oci ce cluster create --name EncryptedCluster --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --vcn-id ocid1.vcn.oc1.iad.exampleexamplesgwertshsdgfy2muagjhrcmzhtp6c5fplejt3miqvyja --kubernetes-version v1.14.8 --kms-key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq
For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.
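As an added example (not part of the OCI documentation or of the OCI CLI itself), the following Python helper builds the create command above only when a Vault key OCID is supplied, and audits the JSON printed by `oci ce cluster list --compartment-id <compartment_id> --all` for clusters that have no `kms-key-id`, i.e. clusters whose etcd secrets are not encrypted with a customer-managed key. The sample list output is constructed, and the OCID check is a loose format check, not a Vault lookup.

```python
"""Audit helper (added example, not from the OCI docs): flag OKE clusters whose
Kubernetes secrets in etcd are not encrypted with a customer-managed Vault key.
Input is the JSON printed by `oci ce cluster list --compartment-id <id> --all`;
the OCI CLI emits kebab-case keys, so the field is "kms-key-id" (kmsKeyId in the
REST API). The sample document below is constructed, not real tenancy data."""
import json
import sys

def is_ocid(value, resource_type):
    """Loose shape check: ocid1.<type>.<realm>.[region][.future-use].<unique-id>."""
    parts = value.split(".") if isinstance(value, str) else []
    return (len(parts) in (5, 6) and parts[0] == "ocid1" and parts[1] == resource_type
            and all(p == "" or p.replace("-", "").isalnum() for p in parts[2:])
            and parts[-1] != "")

def unencrypted_clusters(cli_output):
    """Return names of clusters with no Vault key set on the etcd secrets store."""
    clusters = json.loads(cli_output)["data"]
    return [c["name"] for c in clusters if not is_ocid(c.get("kms-key-id"), "key")]

def create_cluster_args(name, compartment_id, vcn_id, k8s_version, kms_key_id):
    """Build the argv for `oci ce cluster create`, refusing to proceed without a key."""
    if not is_ocid(kms_key_id, "key"):
        raise ValueError("kms-key-id must be a Vault key OCID; refusing to create an unencrypted cluster")
    return ["oci", "ce", "cluster", "create", "--name", name, "--compartment-id", compartment_id,
            "--vcn-id", vcn_id, "--kubernetes-version", k8s_version, "--kms-key-id", kms_key_id]

# Constructed sample in the shape of `oci ce cluster list` output (all values are fake).
SAMPLE_LIST = json.dumps({"data": [
    {"name": "EncryptedCluster", "kms-key-id": "ocid1.key.oc1.iad.exampleaaacu2.exampleuniqueid"},
    {"name": "LegacyCluster", "kms-key-id": None},
    {"name": "OtherCluster"},
]})

if __name__ == "__main__":
    # Pipe real CLI output in, or run with no stdin to audit the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LIST
    for name in unencrypted_clusters(text):
        print(f"WARNING: {name} has no customer-managed key on its etcd secrets")
```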
Run the CreateCluster operation to create a Kubernetes cluster with encrypted secrets.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.