بِسْمِ اللَّهِ الرَّحْمَنِ الرَّحِيم

Generating the Data Encryption Config and Key (Kubernetes The Hardway)

Lanjutkeunn, Lab part 4 Kubernetes stores a variety of data including cluster state, application configurations, and secrets. Kubernetes supports the ability to encrypt cluster data at rest.

In this lab you will generate an encryption key and an encryption config suitable for encrypting Kubernetes Secrets.

The Encryption Key

Generate an encryption key:

ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)

The Encryption Config File

Create the encryption-config.yaml encryption config file:

cat > encryption-config.yaml <<EOF
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}
EOF

Copy the encryption-config.yaml encryption config file to each controller instance:

for instance in controller-0 controller-1 controller-2; do
  lxc file push encryption-config.yaml ${instance}/root/
done

Lanjutnye: Bootstrapping the etcd Cluster - Part 5

Gaskunnnn

Referensi

• https://github.com/kelseyhightower/kubernetes-the-hard-way/tree/1.12.0
• Kubernetes The Hard Way Just me and Opensource

Happy, Enjoy Ngoprek ~