k8s thw 06 - encryption config :: x33u

i run this commands directly on my hypervisor and transfer the files to the maschines lately

# set shell variable for the encryption key
> ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)

the `encryption config` file

cat > encryption-config.yaml <<EOF
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}
EOF

copy the encryption-config.yaml encryption config file to each controller instance

for instance in master-1 master-2; do
  scp encryption-config.yaml ${instance}:~/
done

the following part does not work by me cause the /var/lib/kubernetes directory not exist at this moment - but the cluster will still work without this files

move encryption-config.yaml encryption config file to appropriate directory

for instance in master-1 master-2; do
  ssh ${instance} sudo mv encryption-config.yaml /var/lib/kubernetes/
done

— copyleft —

all commands shown on this page are from mmumshad’s fork of “kubernetes-the-hard-way” by kelseyhightower on github

security | server | software | stuff

the encryption config file

the `encryption config` file