How to identify if an EKS cluster is using an external secret storage provider
I'm looking for a way to identify through CLI if a given EKS is using an external secret storage provider rather than use Kubernetes secrets directly, and if it does, then which provider is being used.
Thanks for the help.
From what I've learned, it might be possible to use EKS cluster-describe EncryptionConfig section to get such information, though I'm not 100% sure how to use it for my needs described above.
From what I gather, you're trying to use an external secret storage solution like AWS Secrets Manager as a source for the secrets in your cluster. To rope those secret values into your cluster, you can use the External Secrets Operator (ESO). ESO will communicate with AWS Secrets Manager and create the secrets for you in the cluster. I have a video demonstrating this here. To save time, you can jump to 06:50 in the video that deals with your specific query.
In addition to this, you can add an envelope of encryption to your secrets in the cluster using KMS. Here are some links to help with that:
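As an added example (not part of the original question or answer), here is a read-only shell check for the CLI identification asked about above. The `encryptionConfig` field only reports KMS envelope encryption of Kubernetes Secrets, so the external-provider signal is taken from the installed CRDs of the External Secrets Operator and, going slightly beyond the thread, the Secrets Store CSI Driver. It assumes `kubectl` points at the same cluster; the function names are illustrative.

```shell
#!/bin/sh
# Added example: read-only checks; function names are illustrative.

# $1: text from `aws eks describe-cluster ... --query
# 'cluster.encryptionConfig[].provider.keyArn' --output text`.
# A key ARN means Kubernetes Secrets are KMS envelope-encrypted in etcd;
# it says nothing about an external secret store.
envelope_status() {
  case "$1" in
    arn:*) echo "kms-envelope-encryption $1" ;;
    *)     echo "no-kms-envelope-encryption" ;;
  esac
}

# stdin: output of `kubectl get crd -o name`. Installed CRDs reveal which
# secret-sync integration is present in the cluster.
detect_integrations() {
  awk -F/ '
    $2 ~ /\.external-secrets\.io$/ { eso = 1 }
    $2 == "secretproviderclasses.secrets-store.csi.x-k8s.io" { csi = 1 }
    END {
      if (eso) print "external-secrets-operator"
      if (csi) print "secrets-store-csi-driver"
      if (!eso && !csi) print "none-detected"
    }'
}

# Live run: sh check.sh CLUSTER REGION (kubectl context must be that cluster).
if [ "$#" -eq 2 ]; then
  arn=$(aws eks describe-cluster --name "$1" --region "$2" \
    --query 'cluster.encryptionConfig[].provider.keyArn' --output text)
  envelope_status "$arn"
  found=$(kubectl get crd -o name | detect_integrations)
  echo "$found"
  case "$found" in *external-secrets-operator*)
    # The key set under spec.provider names the backend (aws, vault, ...).
    kubectl get secretstores.external-secrets.io,clustersecretstores.external-secrets.io -A \
      -o custom-columns='KIND:.kind,NAME:.metadata.name,AWS:.spec.provider.aws.service,VAULT:.spec.provider.vault.server' ;;
  esac
  case "$found" in *secrets-store-csi-driver*)
    kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io -A \
      -o custom-columns='NS:.metadata.namespace,NAME:.metadata.name,PROVIDER:.spec.provider' ;;
  esac
else
  # Offline demo on a constructed `kubectl get crd -o name` line.
  printf '%s\n' 'customresourcedefinition.apiextensions.k8s.io/secretstores.external-secrets.io' | detect_integrations
fi
```

CRD presence shows that an integration is installed, not that every workload uses it; plain Kubernetes Secrets can still exist alongside it.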