Help Center/
Application Performance Management/
Best Practices(2.0)/
Encrypting AK/SK for Deploying an APM Agent in a CCE Container
Updated on 2025-03-27 GMT+08:00
Encrypting AK/SK for Deploying an APM Agent in a CCE Container
Background
When an APM Agent is deployed in a CCE container, the AK/SK must be encrypted for security purposes.
Procedure
- Generate a JAR package that contains the decryption method. Assume that the JAR package name is demo.jar, the built-in decryption class is com.demo.DecryptDemo, and the decryption method is decrypt (which is a static method). Then pack the JAR package into an image and upload it to the image repository. To obtain an access key, see Access Keys.
- Add the initContainer attribute to the CCE deployment YAML file.
Example:
- The address of the image uploaded in step 1 is swr.cn-north-5.myhuaweicloud.com/hwstaff_pub_apmpaasw3/decrypt:v2.
- The decryption class name is com.demo.DecryptDemo. The decryption method is decrypt.
The following shows initContainer. Replace the information in bold.
initContainers: - name: init-secret image: swr.cn-north-5.myhuaweicloud.com/hwstaff_pub_apmpaasw3/decrypt:v2 command: - /bin/sh - '-c' - cp /root/com.demo.DecryptDemo.jar /var/init/secret/apm-javaagent/ext; sed -i 's%#decrypt.className=.*%decrypt.className=com.demo.DecryptDemo%g' /var/init/secret/apm-javaagent/apm.config; sed -i 's%#decrypt.methodName=.*%decrypt.methodName=decrypt%g' /var/init/secret/apm-javaagent/apm.config; resources: limits: cpu: 100m memory: 100Mi requests: cpu: 100m memory: 100Mi volumeMounts: - name: paas-apm2 mountPath: /var/init/secret
By adding initContainer, you can copy the JAR package to the apm-javaagent/ext directory and modify the configuration file.
- Obtain an AK/SK from the APM console, encrypt the SK, and replace the AK/SK in the YAML file.
- Save the configuration and upgrade the CCE instance.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot