RKE2/K3S - Secrets Encryption

[sowmyav27]

Automation test for Secrets Encryption

Cluster info:

• Node driver k3s
• 3 etcd, 2 cp and 3 worker nodes
• latest available default kubernetes version

Tests for k3s:

• [ ] Enable during cluster deployment → Verify it is enabled --> Deploy secrets --> Verify if the secrets are encrypted by attaching to a workload and reading it in the workload
• [ ] Disable secrets encryption → Verify it is disabled --> Deploy secrets --> Verify if the secrets are NOT encrypted by attaching to a workload and reading it in the workload and must be in plain text

---

Cluster info:

• Node driver RKE2 (to be written for k3s also)
• 3 etcd, 2 cp and 3 worker nodes
• latest available default kubernetes version

Tests for RKE2:

• [ ] Enable during cluster deployment → Verify it is enabled --> Deploy secrets --> Verify if the secrets are encrypted by attaching to a workload and reading it in the workload

As of now, the Secrets are encrypted by default for RKE2 clusters and it is not possible to disable it from UI, hence the test is only suppose to be written for the RKE2 cluster with secret encryption enabled.

[vivek-shilimkar]

@sowmyav27 Are we suppose to write the test for RKE1 as well?

[slickwarren]

this is covered in v2prov testing. We could look into extending the tests in v2 prov or writing our own for the go framework