kelseyhightower / kubernetes-the-hard-way

Bootstrap Kubernetes the hard way. No scripts.
Apache License 2.0

No encryption-config.yaml #787

Open vaibhav17octo opened 1 month ago

vaibhav17octo commented 1 month ago

In the encryption key section, we have to create an encryption file from the following file by replacing the environment variable. However, the file is not present in the repository: configs/encryption-config.yaml

martopad commented 1 month ago

As a workaround, I skipped that step and removed the --encryption-provider-config flags on the .service files in the units folder.

nightbarron commented 1 month ago

kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}

I created this in configs/encryption-config.yaml, and it worked.

jimweller commented 3 weeks ago

Thanks @nightbarron. Your file got me through the labs. I also needed an apiVersion.

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}

tzujui commented 2 weeks ago

As a workaround, the older commit from two months ago contains encryption-config.yaml https://github.com/kelseyhightower/kubernetes-the-hard-way/commit/a9cb5f7ba50b3ed496a18a09c273941f80c6375a#diff-404b56b95be0b6ab7483e7e18d8941ca7e9b472842d844874d25b97ed14b2b2dL20

DonkiKoi commented 1 week ago

FYI use the yaml provided by @jimweller, since the one provided by @nightbarron is missing the apiVersion. Without apiVersion the kube-apiserver can't read the encryption file and quits.
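
Added example, not part of the thread or of the repository: a shell pre-flight check for the rendered encryption config, run before kube-apiserver is started. It catches the missing apiVersion reported above, a leftover `${ENCRYPTION_KEY}` placeholder, and a key that does not decode to 32 bytes (the length the Kubernetes documentation lists for aescbc). `render_config` and `check_config` are hypothetical helper names, and the demo files are constructed in a temporary directory.

```shell
#!/usr/bin/env bash
# Added example: render_config and check_config are hypothetical helpers.

# Print the config from the thread with the given base64 key substituted in.
render_config() {
  key="$1"
  cat <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${key}
      - identity: {}
EOF
}

# Return 0 if the file at $1 passes the checks, else print why and return 1.
check_config() {
  file="$1"
  grep -q '^apiVersion: apiserver.config.k8s.io/v1$' "$file" \
    || { echo "missing apiVersion" >&2; return 1; }
  grep -q '^kind: EncryptionConfiguration$' "$file" \
    || { echo "wrong or missing kind" >&2; return 1; }
  if grep -qF '${ENCRYPTION_KEY}' "$file"; then
    echo "placeholder was never substituted" >&2; return 1
  fi
  # First key only: decode it and count the raw bytes.
  secret=$(awk '$1 == "secret:" { print $2; exit }' "$file")
  len=$(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
  [ "$len" -eq 32 ] \
    || { echo "key decodes to $len bytes, want 32" >&2; return 1; }
}

# Demo on constructed input: a fresh random key, then the same file
# with the apiVersion line removed.
tmp=$(mktemp -d)
render_config "$(head -c 32 /dev/urandom | base64)" > "$tmp/good.yaml"
grep -v '^apiVersion:' "$tmp/good.yaml" > "$tmp/no-apiversion.yaml"
check_config "$tmp/good.yaml" && echo "good.yaml: ok"
check_config "$tmp/no-apiversion.yaml" || echo "no-apiversion.yaml: rejected"
rm -rf "$tmp"
```
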