Playground K8s multi-node 1.23 and encryption question

I noticed that when I am configuring encryption parameters on the kube-apiserver.yaml, the container dies and does not start again.

Same config works fine on another kubeadm-based installation I have, and I suspect this is due to the fact that the playground uses Flannel CNI and my personal one runs Calico.

Can you please confirm if this is the case, or correct me if I am wrong?

Also, may I please ask if encryption is part of the CKS exam, as there is no lab on this topic in the CKS training?

Thanks

Hi @djvassil

Can you tell us what you’re changing in the api server manifest - post the changed settings.

Thanks.

Hi @Alistair_KodeKloud

Here are the config changes I made that didn’t work yesterday:

```
root@controlplane /etc/kubernetes/etcd-encryption ➜ cat ec.yaml
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret:
      - identity: {}
```

```
root@controlplane ~ ➜ cat /etc/kubernetes/manifests/kube-apiserver.yaml
...
    - --encryption-provider-config=/etc/kubernetes/etcd-encryption/ec.yaml
...
...
    volumeMounts:
    - mountPath: /etc/kubernetes/etcd-encryption
      name: etcd-encryption
      readOnly: true
....
  volumes:
  - hostPath:
      path: /etc/kubernetes/etcd-encryption
      type: DirectoryOrCreate
    name: etcd-encryption
```

Weirdly, I tried that again today and it worked! Not sure what conclusion I can make from this…

Glad to hear you got it to work. Possible you made a subtle error that wasn’t repeated on the next attempt, or it was a bad lab invocation - which does occasionally happen.
Two tips.

  1. If you’re really sure the solution you gave is right, reset the lab and retry.
  2. When pasting code blocks in here, use the code block tool </> on the message toolbar - it will then format nicely, like this
```
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
   secrets:
```
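A pre-flight check for the setup discussed in this thread, as an added example that is not part of any post: it verifies the three things that must line up before the static pod restarts (a well-formed key, the flag, and a matching volumeMount and hostPath). The function names are hypothetical, and it assumes the host directory and the container mount path are the same, as in the manifest posted above, and that AES keys must decode to 16, 24 or 32 bytes.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before kube-apiserver restarts with
# --encryption-provider-config. Assumes hostPath and mountPath are the same
# directory. Function names are hypothetical.

# 0 if $1 is base64 that decodes to a 16-, 24- or 32-byte AES key.
valid_aes_key() {
  printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
  n=$(printf '%s' "$1" | base64 -d | wc -c)
  [ "$n" -eq 16 ] || [ "$n" -eq 24 ] || [ "$n" -eq 32 ]
}

# 0 if every "secret:" value in EncryptionConfiguration file $1 is a valid key.
# An empty "secret:" decodes to 0 bytes and is reported as an error.
check_encryption_keys() {
  grep -q 'secret:' "$1" || { echo "no keys found in $1"; return 1; }
  sed -n 's/^[[:space:]-]*secret:[[:space:]]*//p' "$1" | tr -d "\"' \r" | (
    bad=0
    while IFS= read -r s; do
      valid_aes_key "$s" || { echo "empty or malformed key in $1"; bad=1; }
    done
    exit "$bad"
  )
}

# 0 if manifest $1 sets the flag, mounts the config directory into the
# container, and declares the same directory as a hostPath volume.
check_manifest() {
  cfg=$(sed -n 's/.*--encryption-provider-config=\([^[:space:]]*\).*/\1/p' "$1" | head -n 1)
  [ -n "$cfg" ] || { echo "--encryption-provider-config not set"; return 1; }
  dir=$(dirname "$cfg")
  grep -Eq "mountPath:[[:space:]]*$dir/?[[:space:]]*\$" "$1" ||
    { echo "no volumeMount for $dir"; return 1; }
  grep -Eq "[[:space:]]path:[[:space:]]*$dir/?[[:space:]]*\$" "$1" ||
    { echo "no hostPath volume for $dir"; return 1; }
}

# Usage: sh preflight.sh <EncryptionConfiguration file> <kube-apiserver manifest>
if [ "$#" -eq 2 ]; then
  check_encryption_keys "$1" && check_manifest "$2" && echo "pre-flight OK"
fi
```

Run it against copies of the files first; editing `/etc/kubernetes/manifests/kube-apiserver.yaml` in place makes the kubelet restart the API server immediately.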