modules/osd-create-cluster-ccs.adoc
Lines changed: 8 additions & 4 deletions
@@ -168,17 +168,21 @@ With *Use Custom KMS keys* selected:
168
168
... Select a key name from the *Key name* drop-down menu.
169
169
... Provide the *KMS Service Account*.
170
170
+
171
+
172
+
.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
173
+
+
174
+
[NOTE]
175
+
====
176
+
If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
177
+
====
171
178
endif::osd-on-gcp[]
172
-
.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
179
+
.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but the keys are not. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
173
180
+
174
181
[NOTE]
175
182
====
176
183
By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
177
184
====
178
185
+
179
-
ifdef::osd-on-gcp[]
180
-
.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
181
-
endif::osd-on-gcp[]
182
186
ifdef::osd-on-aws[]
183
187
.. Optional: Select *Encrypt persistent volumes with customer keys* if you want to provide your own
184
188
AWS Key Management Service (KMS) key Amazon Resource Name (ARN).
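Review bot: The blank line added at new line 171 sits directly after the existing `+` continuation at line 170, so that continuation no longer has an adjacent block to attach before the new `.. Optional: Select *Enable FIPS cryptography*` step. Drop the blank line (or the `+`) so the step follows the continuation directly, as it does in modules/osd-create-cluster-gcp-account.adoc. The unchanged etcd NOTE in this file still reads "you will incur" while the GCP modules use "you incur"; aligning the tense in the same pass would keep the four modules consistent.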
modules/osd-create-cluster-gcp-account.adoc
Lines changed: 7 additions & 4 deletions
@@ -64,15 +64,18 @@ With *Use Custom KMS keys* selected:
64
64
... Provide the *KMS Service Account*.
65
65
66
66
+
67
-
.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption.
68
-
With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
67
+
.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
69
68
+
70
69
[NOTE]
71
70
====
72
-
By enabling etcd encryption for the key values in etcd, you incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
71
+
If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
73
72
====
73
+
.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but the keys are not. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
74
74
+
75
-
.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
75
+
[NOTE]
76
+
====
77
+
By enabling etcd encryption for the key values in etcd, you incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
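Review bot: The FIPS NOTE at new line 71 states that *Enable additional etcd encryption* is forced on when FIPS is selected, but it does not mention that this also brings the approximately 20% performance overhead described in the etcd NOTE at new line 77. Add a sentence or cross-reference to the FIPS NOTE so a reader who selects only FIPS sees that cost before continuing. The FIPS NOTE also names the etcd option before the step at line 73 introduces it, so consider wording it as "the *Enable additional etcd encryption* option in the next step".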
modules/osd-create-cluster-red-hat-account.adoc
Lines changed: 13 additions & 2 deletions
@@ -64,6 +64,8 @@ To customize the subdomain, select the *Create custom domain prefix* checkbox, a
64
64
.. Select a cluster version from the *Version* drop-down menu.
65
65
.. Select a cloud provider region from the *Region* drop-down menu.
66
66
.. Select a *Single zone* or *Multi-zone* configuration.
67
+
.. Select a *Persistent storage* capacity for the cluster. For more information, see the _Storage_ section in the {product-title} service definition.
68
+
.. Specify the number of *Load balancers* that you require for your cluster. For more information, see the _Load balancers_ section in the {product-title} service definition.
67
69
+
68
70
ifdef::osd-on-gcp[]
69
71
.. Optional: Select *Enable Secure Boot for Shielded VMs* to use Shielded VMs when installing your cluster. For more information, see link:https://cloud.google.com/security/products/shielded-vm[Shielded VMs].
@@ -74,15 +76,24 @@ To successfully create a cluster, you must select *Enable Secure Boot support fo
74
76
====
75
77
+
76
78
endif::osd-on-gcp[]
77
-
.. Select a *Persistent storage* capacity for the cluster. For more information, see the _Storage_ section in the {product-title} service definition.
78
-
.. Specify the number of *Load balancers* that you require for your cluster. For more information, see the _Load balancers_ section in the {product-title} service definition.
79
79
.. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. This option is enabled by default.
80
+
ifdef::osd-on-gcp[]
81
+
. Optional: Expand *Advanced Encryption* to make changes to encryption settings.
82
+
+
83
+
.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
84
+
+
85
+
[NOTE]
86
+
====
87
+
If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
88
+
====
89
+
endif::osd-on-gcp[]
80
90
.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
81
91
+
82
92
[NOTE]
83
93
====
84
94
By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
85
95
====
96
+
+
86
97
.. Click *Next*.
87
98
88
99
. On the *Default machine pool* page, select a *Compute node instance type* and a *Compute node count*. The number and types of nodes that are available depend on your {product-title} subscription. If you are using multiple availability zones, the compute node count is per zone.
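Review bot: The step added at new line 81, `. Optional: Expand *Advanced Encryption* ...`, uses a single-dot marker while every neighbouring step in this hunk is `..`, and it sits inside `ifdef::osd-on-gcp[]`. In the GCP build that starts a new top-level step, so the etcd encryption step at line 90 and `.. Click *Next*` at line 97 nest under it, while in other builds they stay under the previous step. Use `..` here (with the FIPS option one level deeper) or confirm the renumbering is intended. The etcd step at line 90 also keeps "but not the keys", whereas this commit changes the same sentence to "but the keys are not" in osd-create-cluster-ccs.adoc and osd-create-cluster-gcp-account.adoc.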
modules/osd-create-cluster-rhm-gcp-account.adoc
Lines changed: 7 additions & 4 deletions
@@ -64,15 +64,18 @@ With *Use Custom KMS keys* selected:
64
64
... Provide the *KMS Service Account*.
65
65
66
66
+
67
-
.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption.
68
-
With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
67
+
.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
69
68
+
70
69
[NOTE]
71
70
====
72
-
By enabling etcd encryption for the key values in etcd, you incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
71
+
If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
73
72
====
73
+
.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
74
74
+
75
-
.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
75
+
[NOTE]
76
+
====
77
+
By enabling etcd encryption for the key values in etcd, you incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
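Review bot: The etcd step re-added at new line 73 still ends "the etcd key values are encrypted, but not the keys", while the same re-added line in modules/osd-create-cluster-gcp-account.adoc was reworded to "but the keys are not". Apply the same wording here so the two GCP modules, which are otherwise changed identically in this commit, do not drift apart.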