k8s thw 06 - encryption config
I run these commands directly on my hypervisor and transfer the files to the machines later
# set shell variable for the encryption key
ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)
the encryption config file
cat > encryption-config.yaml <<EOF
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}
EOF
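A pre-flight check for the file generated above, added here as an example (it is not part of the original page or of the kubernetes-the-hard-way repository): it confirms that every secret: value decodes to 32 bytes, which catches an unset ENCRYPTION_KEY, and that only the owner can read the file. The function names are made up for this example, and `base64 -d` and `stat -c` assume GNU coreutils.

```shell
# Added example, helper names are hypothetical; assumes GNU coreutils (base64 -d, stat -c).

# Write the page's config to $1 with key $2; umask 077 creates the file as mode 600.
write_config() {
    ( umask 077
      cat > "$1" <<EOF
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: $2
      - identity: {}
EOF
    )
}

# Print the decoded byte length of every "secret:" value in file $1.
secret_lengths() {
    sed -n 's/^[[:space:]]*secret:[[:space:]]*//p' "$1" | while IFS= read -r s; do
        printf '%s' "$s" | base64 -d 2>/dev/null | wc -c | tr -d ' '
    done
}

# Return 0 only if every key decodes to 32 bytes and only the owner can read the file.
check_encryption_config() {
    rc=0
    lengths=$(secret_lengths "$1")
    [ -n "$lengths" ] || { echo "$1: no secret: entry found" >&2; rc=1; }
    for n in $lengths; do
        [ "$n" -eq 32 ] || { echo "$1: key decodes to $n bytes, expected 32" >&2; rc=1; }
    done
    mode=$(stat -c '%a' "$1")
    case $mode in
        600|400) ;;
        *) echo "$1: mode $mode exposes the key to other users" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed sample run: one valid key, one empty key (ENCRYPTION_KEY unset in the shell).
tmp=$(mktemp -d)
write_config "$tmp/good.yaml" "$(head -c 32 /dev/urandom | base64)"
check_encryption_config "$tmp/good.yaml" && echo "good.yaml: ok"
write_config "$tmp/empty.yaml" ""
check_encryption_config "$tmp/empty.yaml" || echo "empty.yaml: rejected"
rm -rf "$tmp"
```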
copy the encryption-config.yaml encryption config file to each controller instance
for instance in master-1 master-2; do
  scp encryption-config.yaml ${instance}:~/
done
the following part does not work for me because the /var/lib/kubernetes directory does not exist at this moment - but the cluster will still work without these files
move the encryption-config.yaml encryption config file to the appropriate directory
for instance in master-1 master-2; do
  ssh ${instance} sudo mv encryption-config.yaml /var/lib/kubernetes/
done
— copyleft —
all commands shown on this page are from mmumshad’s fork of “kubernetes-the-hard-way” by kelseyhightower on github
19-09-2021