
Lab 6: Generating the Data Encryption Configuration and Key

Info

This is a fork of the original "Kubernetes the hard way" written by Kelsey Hightower (GitHub: kelseyhightower). Unlike the original, which is based on Debian-like distributions for the ARM64 architecture, this fork targets Enterprise Linux distributions such as Rocky Linux, which run on the x86_64 architecture.

Kubernetes stores various data, including cluster state, application configurations, and secrets. Kubernetes supports encrypting cluster data at rest.

In this lab, you will generate an encryption key and an encryption configuration suitable for encrypting Kubernetes Secrets.

The Encryption Key

Generate an encryption key:

export ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)

The Encryption Configuration File

Create the encryption-config.yaml encryption configuration file:

envsubst < configs/encryption-config.yaml \
  > encryption-config.yaml

Copy the encryption-config.yaml encryption configuration file to each controller instance:

scp encryption-config.yaml root@server:~/
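
A pre-flight check worth running on the rendered file before it is copied to the controllers. This is an added example, not part of the original lab. It catches a template that was never passed through envsubst, an empty key (ENCRYPTION_KEY unset or not exported) and a key that does not decode to 32 bytes. The function names and the sample YAML layout are assumptions, since the lab does not show the contents of configs/encryption-config.yaml.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): pre-flight checks on a rendered encryption-config.yaml.

# Decoded length in bytes of a base64 string; prints 0 when the input is not valid base64.
key_len() {
  if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
    echo 0
    return 0
  fi
  printf '%s' "$1" | base64 -d | wc -c | tr -d ' '
}

# Constructed sample input: writes a config to $2 with $1 as the key, mimicking envsubst output.
# The YAML layout (aescbc provider, key1) is an assumption; the lab does not show its template.
render_sample() {
  cat > "$2" <<EOF
kind: EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: $1
      - identity: {}
EOF
}

# Returns 0 only if the file holds a substituted key that decodes to exactly 32 bytes.
# On success the file is restricted to its owner, since it contains the raw key.
check_encryption_config() {
  local file="$1" secret
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
  # Template copied without running envsubst: the placeholder is still there.
  if grep -qF '${ENCRYPTION_KEY}' "$file"; then
    echo "placeholder not substituted" >&2; return 2
  fi
  # ENCRYPTION_KEY unset or not exported: envsubst writes an empty value.
  secret=$(sed -n 's/^[[:space:]]*secret:[[:space:]]*//p' "$file" | head -n 1)
  [ -n "$secret" ] || { echo "secret is empty" >&2; return 3; }
  [ "$(key_len "$secret")" -eq 32 ] || { echo "secret is not 32 bytes" >&2; return 4; }
  chmod 600 "$file"
}

# When run with a file argument, check that file; with no argument, only define the functions.
[ $# -eq 0 ] || check_encryption_config "$1"
```

Saved under a name of your choice, the script takes encryption-config.yaml as its argument and exits non-zero with a reason on stderr if the file should not be distributed.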

Next: Bootstrapping the etcd Cluster

Author: Wale Soyinka

Contributors: Steven Spencer, Ganna Zhyrnova