From ee365e326718c9eb072fc724f927d6af0cbe7efb Mon Sep 17 00:00:00 2001
From: Tami Love
Date: Thu, 13 Nov 2025 13:53:43 -0500
Subject: [PATCH] Add new module for encrypt etcd data

---
 .../microshift-install-get-ready.adoc | 6 ++++++
 modules/microshift-encrypt-etcd-data.adoc | 9 +++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 modules/microshift-encrypt-etcd-data.adoc

diff --git a/microshift_install_get_ready/microshift-install-get-ready.adoc b/microshift_install_get_ready/microshift-install-get-ready.adoc
index 3694b23d36de..7173d7034a59 100644
--- a/microshift_install_get_ready/microshift-install-get-ready.adoc
+++ b/microshift_install_get_ready/microshift-install-get-ready.adoc
@@ -20,6 +20,12 @@ include::modules/microshift-install-rhel-tools-concepts.adoc[leveloffset=+1]
 
 include::modules/microshift-install-rhde-steps.adoc[leveloffset=+1]
 
+include::modules/microshift-encrypt-etcd-data.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_storage_devices/encrypting-block-devices-using-luks_managing-storage-devices#luks-disk-encryption_encrypting-block-devices-using-luks[LUKS disk encryption]
+
 [id="additional-resources_microshift-install-get-ready"]
 [role="_additional-resources"]
 == Additional resources
diff --git a/modules/microshift-encrypt-etcd-data.adoc b/modules/microshift-encrypt-etcd-data.adoc
new file mode 100644
index 000000000000..58eaf7808f65
--- /dev/null
+++ b/modules/microshift-encrypt-etcd-data.adoc
@@ -0,0 +1,9 @@
+// Module included in the following assembly:
+//
+// * microshift_install_get_ready/microshift-install-get-ready.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-encrypt-etcd-data_{context}"]
+= Encrypt etcd data
+
+Kubernetes objects are stored in an etcd database and might contain sensitive data. The etcd data is not encrypted by default. You can encrypt the disk that contains the etcd database by using the Linux Unified Key Setup-on-disk-format (LUKS) management tool for block device encryption.