Encrypting Secret Data Stored in ETCD Database.

ETCD-ENCRYPTION
Kubernetes data store flow.
  1. Create an encryption key:
     head -c 32 /dev/urandom | base64
  2. Create the encryption configuration file (ec.yaml), putting the key from step 1 in the secret field:
     apiVersion: apiserver.config.k8s.io/v1
     kind: EncryptionConfiguration
     resources:
       - resources:
           - secrets
         providers:
           - aescbc:
               keys:
                 - name: key1
                   secret: <BASE 64 ENCODED SECRET>
           - identity: {}
  3. Copy the file to a location the API server can read:
     mkdir /etc/kubernetes/etcd
     cp ec.yaml /etc/kubernetes/etcd/ec.yaml
  4. Pass the file to the kube-apiserver with the flag:
     --encryption-provider-config=/etc/kubernetes/etcd/ec.yaml
  5. Create a secret and read it directly from etcd to confirm it is stored encrypted:
     $ kubectl create secret generic test-secret -n default --from-literal=user=admin
     $ ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
         --cert /etc/kubernetes/pki/apiserver-etcd-client.crt \
         --key /etc/kubernetes/pki/apiserver-etcd-client.key \
         --cacert /etc/kubernetes/pki/etcd/ca.crt \
         get /registry/secrets/default/test-secret
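The steps above as a small script, added here and not part of the original post: it generates the 32-byte aescbc key, writes ec.yaml from it, and classifies the raw value etcdctl returns for a secret by the k8s:enc:aescbc:v1:<keyname>: prefix that Kubernetes puts on encrypted objects. It assumes GNU coreutils (base64 -d) and a kubeadm-style cluster, where the kube-apiserver static pod must also mount the directory holding ec.yaml, which the post does not show.

```shell
#!/bin/sh
# Added example (not from the original post): generate the aescbc key, write
# ec.yaml from it, and classify the raw value etcdctl returns for a secret.
set -eu

# Step 1 of the post: 32 random bytes (AES-256), base64-encoded on one line.
gen_key() { head -c 32 /dev/urandom | base64 | tr -d '\n'; }

# aescbc accepts 16-, 24- or 32-byte keys; this check insists on 32 bytes.
# Assumes GNU coreutils (base64 -d).
check_key_len() {
  n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c) || n=0
  [ "$n" -eq 32 ]
}

# Write the EncryptionConfiguration from the post with the key filled in.
# identity stays last so objects written before encryption was enabled
# can still be read; on a kubeadm cluster the kube-apiserver static pod
# must also mount the directory holding this file.
write_config() {  # $1 = base64 key, $2 = output path
  cat > "$2" <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: $1
      - identity: {}
EOF
}

# Classify a value read with `etcdctl get /registry/secrets/<ns>/<name>`.
# Kubernetes prefixes encrypted values with k8s:enc:<provider>:v1:<keyname>:;
# an unencrypted protobuf object starts with the k8s magic bytes instead.
classify_value() {
  v=$1
  case "$v" in
    k8s:enc:aescbc:v1:*) rest=${v#k8s:enc:aescbc:v1:}; echo "aescbc:${rest%%:*}" ;;
    k8s:enc:*) echo "other-provider" ;;
    k8s*) echo "plaintext" ;;
    *) echo "unknown" ;;
  esac
}

# Re-write every secret so entries stored before step 4 get encrypted too.
reencrypt_all() { kubectl get secrets --all-namespaces -o json | kubectl replace -f -; }
```

Run classify_value on the etcdctl output from step 5: "aescbc:key1" means the secret is encrypted with the configured key, "plaintext" means it was written before the flag took effect and needs reencrypt_all.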
