kelseyhightower / kubernetes-the-hard-way

Bootstrap Kubernetes the hard way. No scripts.
Apache License 2.0

No encryption-config.yaml #787

Open vaibhav17octo opened 5 months ago

vaibhav17octo commented 5 months ago

In the encryption key section, we have to create an encryption file from the following file by replacing the environment variable. However, the file is not present in the repository: configs/encryption-config.yaml

martopad commented 5 months ago

As a workaround, I skipped that step and removed the --encryption-provider-config flags on the .service files in the units folder.

nightbarron commented 5 months ago

```yaml
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}
```

I created this in configs/encryption-config.yaml, and it worked.

jimweller commented 5 months ago

Thanks @nightbarron. Your file got me through the labs. I also needed an apiVersion.

```yaml
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}
```

tzujui commented 5 months ago

As a workaround, the older commit from two months ago contains encryption-config.yaml https://github.com/kelseyhightower/kubernetes-the-hard-way/commit/a9cb5f7ba50b3ed496a18a09c273941f80c6375a#diff-404b56b95be0b6ab7483e7e18d8941ca7e9b472842d844874d25b97ed14b2b2dL20

DonkiKoi commented 4 months ago

FYI use the yaml provided by @jimweller, since the one provided by @nightbarron is missing the apiVersion. Without apiVersion the kube-apiserver can't read the encryption file and quits.
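
Added example, not part of the thread or the repository: a bash script that writes the configuration posted above with a freshly generated key and checks it for the two failure modes raised here (no apiVersion, unsubstituted `${ENCRYPTION_KEY}`) before kube-apiserver reads it. The function names and the 32-byte key size are assumptions of this example.

```bash
# Added example: render and sanity-check encryption-config.yaml.
# Function names and the 32-byte key size are assumptions of this example.

# Write the EncryptionConfiguration from this thread to $1, using key $2.
render_encryption_config() {
  local out="$1" key="$2"
  ( umask 077   # the file holds the key that protects Secrets in etcd
    cat > "$out" <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${key}
      - identity: {}
EOF
  )
}

# Return 0 only if the file looks usable; print the reason otherwise.
check_encryption_config() {
  local file="$1" secret
  grep -qFx 'apiVersion: apiserver.config.k8s.io/v1' "$file" \
    || { echo "missing apiVersion" >&2; return 1; }
  grep -qFx 'kind: EncryptionConfiguration' "$file" \
    || { echo "missing kind" >&2; return 1; }
  secret=$(sed -n 's/^ *secret: *//p' "$file" | head -n 1)
  case "$secret" in
    ''|*'$'*) echo "secret is empty or still a placeholder" >&2; return 1 ;;
  esac
  [ "$(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c)" -eq 32 ] \
    || { echo "secret is not 32 bytes of base64" >&2; return 1; }
}

# Demo with a freshly generated key, written to a temporary directory.
demo() {
  local dir key
  dir=$(mktemp -d)
  key=$(head -c 32 /dev/urandom | base64)
  render_encryption_config "$dir/encryption-config.yaml" "$key"
  check_encryption_config "$dir/encryption-config.yaml" && echo "config OK"
  rm -rf "$dir"
}
demo
```

With the `--encryption-provider-config` flag removed instead, kube-apiserver stores Secrets in etcd without encryption at rest, so a cluster built that way does not exercise this part of the lab.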