File tree Expand file tree Collapse file tree 1 file changed +10
-0
lines changed
app-dev/devops-and-containers/oke/oke-policies Expand file tree Collapse file tree 1 file changed +10
-0
lines changed Original file line number Diff line number Diff line change @@ -28,6 +28,16 @@ UNCLEAR: Maybe this policy is necessary for every IPv6 cluster
2828Allow any-user to use ipv6s in compartment <compartment-ocid-of-network-resources> where all { request.principal.id = '<cluster-ocid>' }
2929```
3030
31+
32+ ### ENCRYPT ETCD WITH A KEY
33+
34+ To encrypt etcd secrets at rest using a custom key, this needs to be specified at cluster creation and the following policy must be in place:
35+
36+ [ https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengencryptingdata.htm#console ] ( https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengencryptingdata.htm#console )
37+
38+ ```
39+ Allow any-user to use keys in compartment <compartment-name> where ALL {request.principal.type = 'cluster', target.key.id = '<key-ocid>'}
40+ ```
3141
3242
3343### ENCRYPT BOOT VOLUME WITH KEY
You can’t perform that action at this time.
0 commit comments