CCE Servers Using CSMS
Overview
CCE provides multiple types of plug-ins to extend cluster functions. The dew-provider plug-in of CCE interconnects with CSMS and mounts secrets to service pods. In this way, sensitive information is decoupled from the cluster environment, preventing sensitive information leakage caused by hard coding or plaintext configuration.
Constraints
- Supported cluster versions: v1.19 and later
- Supported cluster types: CCE Standard and CCE Turbo
Components
Component |
Description |
Resource Type |
---|---|---|
dew-provider |
A component that obtains specified secrets from CSMS and mounts them to the pods. |
DaemonSet |
secrets-store-csi-driver |
A component responsible for maintaining two CRDs: SecretProviderClass (SPC) and SecretProviderClassPodStatus (spcPodStatus). SPC is used to describe the secret that users are interested in (such as the secret version and name). It is created by users and will be referenced in pods. spcPodStatus is used to trace the binding relationships between pods and secrets. It is automatically created by csi-driver and requires no manual operation. One pod corresponds to one spcPodStatus. After a pod is started, a spcPodStatus is generated for the pod. When the pod lifecycle ends, the spcPodStatus is deleted accordingly. |
DaemonSet |
Installing the Plug-in On the Console
- Log in to the CCE console. Click the cluster name to access its details page. In the navigation pane on the left, choose Add-ons. Locate dew-provider on the right and click Install.
- On the Install Add-on page, configure parameters as required. Table 2 describes the parameters.
- Click Install. After the plug-in is installed, select the cluster and click Add-ons from the navigation pane. On the displayed page, view the plug-in in the Add-ons Installed area.
- The plug-in can be used only if the secret created in DEW is used. Otherwise, the pod cannot run. For details about how to create a secret, see Creating a Secret.
- Use the plug-in after it is installed. For details, see CCE Secrets Manager for DEW.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot