Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No encryption-config.yaml #787

Open
vaibhav17octo opened this issue May 30, 2024 · 5 comments
Open

No encryption-config.yaml #787

vaibhav17octo opened this issue May 30, 2024 · 5 comments

Comments

@vaibhav17octo
Copy link

In the encryption key section. We have to create an encryption file from the following file by replacing the environment variable.
However, the file is not present in the repository:
configs/encryption-config.yaml
@martopad
Copy link

martopad commented Jun 4, 2024
edited
Loading

As a workaround, I skipped that step and removed the --encryption-provider-config flags on the .service files in the units folder.

@nightbarron
Copy link

nightbarron commented Jun 5, 2024
edited
Loading 

kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}

I created this in configs/encryption-config.yaml, and it worked

@jimweller
Copy link

Thanks @nightbarron. Your file got me through the labs. I also needed an apiVersion.

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${ENCRYPTION_KEY}
      - identity: {}

@tzujui
Copy link

tzujui commented Jun 24, 2024
edited
Loading

As a workaround, the older commit from two months ago contains encryption-config.yaml a9cb5f7#diff-404b56b95be0b6ab7483e7e18d8941ca7e9b472842d844874d25b97ed14b2b2dL20

@DonkiKoi
Copy link

DonkiKoi commented Jun 28, 2024
edited
Loading

FYI use the yaml provided by @jimweller, since the one provided by @nightbarron is missing the apiVersion. Without apiVersion the kube-apiserver can't read the encryption file and quits.

paterit added a commit to paterit/kubernetes-the-hard-way-ubuntu that referenced this issue Oct 23, 2024
@paterit
Fix kelseyhightower#787
032bec1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@tzujui @martopad @jimweller @nightbarron @DonkiKoi @vaibhav17octo