Merge pull request #94525 from lahinson/osdocs-14912-etcd-encrypt

[OSDOCS-14912]: Adding etcd encryption content to the new etcd book

Author: lahinson

_topic_maps/_topic_map.yml

@@ -1240,9 +1240,6 @@ Topics:
 - Name: Allowing JavaScript-based access to the API server from additional hosts
   File: allowing-javascript-access-api-server
   Distros: openshift-enterprise,openshift-origin
-- Name: Encrypting etcd data
-  File: encrypting-etcd
-  Distros: openshift-enterprise,openshift-origin
 - Name: Scanning pods for vulnerabilities
   File: pod-vulnerability-scan
   Distros: openshift-enterprise,openshift-origin
@@ -2450,7 +2447,7 @@ Topics:
     File: replace-unhealthy-etcd-member
   - Name: Disaster recovery
     File: etcd-disaster-recovery
-- Name: Encrypting etcd data
+- Name: Enabling etcd encryption
   File: etcd-encrypt
 # - Name: Setting up fault-tolerant control planes that span data centers
 #  File: etcd-fault-tolerant

etcd/etcd-encrypt.adoc

@@ -1,7 +1,20 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="etcd-encrypt"]
 include::_attributes/common-attributes.adoc[]
-= Encrypting etcd data
+= Enabling etcd encryption
 :context: etcd-encrypt
 
-// This assembly will contain modules to provide information about encrypting etcd.
+toc::[]
+
+// About etcd encryption
+include::modules/about-etcd-encryption.adoc[leveloffset=+1]
+
+// Supported encryption types
+include::modules/etcd-encryption-types.adoc[leveloffset=+1]
+
+// Enabling etcd encryption
+include::modules/enabling-etcd-encryption.adoc[leveloffset=+1]
+
+// Disabling etcd encryption
+include::modules/disabling-etcd-encryption.adoc[leveloffset=+1]
+

hosted_control_planes/index.adoc

@@ -13,7 +13,7 @@ include::modules/hcp-ocp-differences.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../security/encrypting-etcd.adoc#encrypting-etcd[Enabling etcd encryption]
+* xref:../etcd/etcd-encrypt.adoc#etcd-encrypt[Enabling etcd encryption]
 
 include::modules/hcp-mce-acm-relationship-intro.adoc[leveloffset=+1]
 include::modules/hcp-acm-discover.adoc[leveloffset=+2]

installing/overview/installing-fips.adoc

@@ -69,7 +69,7 @@ Although the {product-title} cluster itself uses FIPS validated or Modules In Pr
 [id="installation-about-fips-components-etcd_{context}"]
 === etcd
 
-To ensure that the secrets that are stored in etcd use FIPS validated or Modules In Process encryption, boot the node in FIPS mode. After you install the cluster in FIPS mode, you can xref:../../security/encrypting-etcd.adoc#encrypting-etcd[encrypt the etcd data] by using the FIPS-approved `aes cbc` cryptographic algorithm.
+To ensure that the secrets that are stored in etcd use FIPS validated or Modules In Process encryption, boot the node in FIPS mode. After you install the cluster in FIPS mode, you can xref:../../etcd/etcd-encrypt.adoc#etcd-encrypt[encrypt the etcd data] by using the FIPS-approved `aes cbc` cryptographic algorithm.
 
 [id="installation-about-fips-components-storage_{context}"]
 === Storage
@@ -110,4 +110,4 @@ To enable FIPS mode for your cluster, you must run the installation program from
 If you are using Azure File storage, you cannot enable FIPS mode.
 ====
 
-To apply `AES CBC` encryption to your etcd data store, follow the xref:../../security/encrypting-etcd.adoc#encrypting-etcd[Encrypting etcd data] process after you install your cluster.
+To apply `AES CBC` encryption to your etcd data store, follow the xref:../../etcd/etcd-encrypt.adoc#etcd-encrypt[Encrypting etcd data] process after you install your cluster.

modules/about-etcd-encryption.adoc

@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * security/encrypting-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
+// * etcd/etcd-encrypt.adoc
 
 :_mod-docs-content-type: CONCEPT
 [id="about-etcd_{context}"]
@@ -24,4 +24,4 @@ When you enable etcd encryption, encryption keys are created. You must have thes
 Etcd encryption only encrypts values, not keys. Resource types, namespaces, and object names are unencrypted.
 
 If etcd encryption is enabled during a backup, the `__static_kuberesources_<datetimestamp>.tar.gz__` file contains the encryption keys for the etcd snapshot. For security reasons, store this file separately from the etcd snapshot. However, this file is required to restore a previous state of etcd from the respective etcd snapshot.
-====
+====

modules/disabling-etcd-encryption.adoc

@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * security/encrypting-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
+// * etcd/etcd-encrypt.adoc
 
 :_mod-docs-content-type: PROCEDURE
 [id="disabling-etcd-encryption_{context}"]

modules/enabling-etcd-encryption.adoc

@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * security/encrypting-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
+// * etcd/etcd-encrypt.adoc
 
 :_mod-docs-content-type: PROCEDURE
 [id="enabling-etcd-encryption_{context}"]

modules/etcd-encryption-types.adoc

@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * security/encrypting-etcd.adoc
 // * post_installation_configuration/cluster-tasks.adoc
+// * etcd/etcd-encrypt.adoc
 
 :_mod-docs-content-type: CONCEPT
 [id="etcd-encryption-types_{context}"]

security/encrypting-etcd.adoc

@@ -61,7 +61,7 @@ You can also review more details about the types of certificates used by the clu
 [id="encrypting-data"]
 === Encrypting data
 
-You can xref:../security/encrypting-etcd.adoc#encrypting-etcd[enable etcd encryption] for your cluster to provide an additional layer of data security. For example, it can help protect the loss of sensitive data if an etcd backup is exposed to the incorrect parties.
+You can xref:../etcd/etcd-encrypt.adoc#etcd-encrypt[enable etcd encryption] for your cluster to provide an additional layer of data security. For example, it can help protect the loss of sensitive data if an etcd backup is exposed to the incorrect parties.
 
 [discrete]
 [id="vulnerability-scanning"]