Closed christianag54 closed 1 month ago
Hi, @christianag54, thank you for your feedback! The limitation states that "if a cluster has KMS turned on and has a private key vault, it must use API Server VNet integration." This means that the previous statement that was removed is no longer valid. Since no updates are needed to the content, I'm going to close out the GitHub issue. Thanks again! #please-close
Type of issue
Missing information
Feedback
One of the limitations listed here
https://learn.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption#limitations "If a cluster has KMS turned on, has a private key vault, it must use the API Server VNet integration tunnel. Konnectivity is not supported."
This is missing a critical statement which used to be in a prior commit/version of that same doc: "If a cluster has KMS turned on, has a private key vault, and isn't using the API Server VNet integration tunnel, you can't stop and then start the cluster." Specifically, "can't stop and then start the cluster" needs to be added back, since that hasn't changed and the stop operation isn't supported with that setup.
Page URL
https://learn.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption
Content source URL
https://github.com/MicrosoftDocs/azure-aks-docs/blob/main/articles/aks/use-kms-etcd-encryption.md
Author
@schaffererin
Document Id
b5ec3a1e-88c2-8dcb-05f7-226a633718a1