Encrypting Secret Data at Rest in Kubernetes AKS?

7/19/2019

I am unable to figure out how to change my kube-apiserver. The current version I am using from Azure AKS is 1.13.7.

Below is what I need to change in the kube-apiserver in Kubernetes.

The kube-apiserver process accepts an argument --encryption-provider-config that controls how API data is encrypted in etcd.

Additionally, I am unable to find the kube-apiserver.

Yaml File Formatted

apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
    - secrets
    # The first provider in the list is the one used to encrypt on write;
    # all listed providers are tried in order when reading.
    providers:
    - identity: {}   # no encryption: with this first, secrets are still written in plaintext
    - aesgcm:
        keys:
        - name: key1
          secret: c2VjcmV0IGlzIHNlY3VyZQ==   # base64 of a 16-byte key
        - name: key2
          secret: dGhpcyBpcyBwYXNzd29yZA==   # base64 of a 16-byte key
    - aescbc:
        keys:
        - name: key1
          secret: c2VjcmV0IGlzIHNlY3VyZQ==
        - name: key2
          secret: dGhpcyBpcyBwYXNzd29yZA==
    - secretbox:
        keys:
        - name: key1
          secret: YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=   # base64 of a 32-byte key

I have tried to apply this yaml file but the error I get is below.

error: unable to recognize "examplesecret.yaml": no matches for kind "EncryptionConfiguration" in version "apiserver.config.k8s.io/v1"

Created AKS cluster in Azure. Used example encryption yaml file. Expected to be able to create rest secrets. The results I get are unable to create.

-- Alex Zimmerman
Tags: azure-aks, kube-apiserver, kubectl, kubernetes
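The YAML above is the upstream example with every provider listed, and its provider order matters: the first entry is what the API server uses for writes, so with identity first nothing is actually encrypted, and the key material must be base64 of 16, 24 or 32 raw bytes (aescbc/aesgcm) or exactly 32 bytes (secretbox). The following check is an added example, not part of the question or of Kubernetes itself; it transcribes the page's YAML into a Python structure (constructed inline so no YAML parser is needed), audits it for those two problems before the file ever reaches an API server you do control, and shows a reordered copy with identity last, which is how the upstream documentation describes keeping older plaintext objects readable while new writes are encrypted.

```python
import base64
import copy

# Accepted raw key sizes per provider, per the Kubernetes EncryptionConfiguration
# documentation: AES providers take 16, 24 or 32 bytes; secretbox needs exactly 32.
KEY_LENGTHS = {
    "aescbc": {16, 24, 32},
    "aesgcm": {16, 24, 32},
    "secretbox": {32},
}


def _aes_keys():
    # The two AES keys from the question's YAML (base64 of 16-byte strings).
    return [
        {"name": "key1", "secret": "c2VjcmV0IGlzIHNlY3VyZQ=="},
        {"name": "key2", "secret": "dGhpcyBpcyBwYXNzd29yZA=="},
    ]


# The question's YAML transcribed into a Python structure (constructed here so the
# check runs without a YAML parser); the provider order is the same as on the page.
EXAMPLE_CONFIG = {
    "apiVersion": "apiserver.config.k8s.io/v1",
    "kind": "EncryptionConfiguration",
    "resources": [{
        "resources": ["secrets"],
        "providers": [
            {"identity": {}},
            {"aesgcm": {"keys": _aes_keys()}},
            {"aescbc": {"keys": _aes_keys()}},
            {"secretbox": {"keys": [
                {"name": "key1",
                 "secret": "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY="},
            ]}},
        ],
    }],
}


def audit_encryption_config(config):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    if config.get("kind") != "EncryptionConfiguration":
        findings.append("kind is not EncryptionConfiguration")
    for idx, entry in enumerate(config.get("resources", [])):
        label = f"resources[{idx}] ({', '.join(entry.get('resources', []))})"
        providers = entry.get("providers", [])
        if not providers:
            findings.append(f"{label}: no providers listed")
            continue
        # Only the first provider is used for writes; 'identity' means plaintext.
        if "identity" in providers[0]:
            findings.append(f"{label}: 'identity' is the first provider, so new "
                            "writes are stored unencrypted")
        for provider in providers:
            (name, body), = provider.items()
            if name not in KEY_LENGTHS:
                continue  # identity and kms carry no static keys to inspect
            for key in body.get("keys", []):
                try:
                    raw = base64.b64decode(key["secret"], validate=True)
                except (KeyError, ValueError):
                    findings.append(f"{label}: {name} key {key.get('name')} "
                                    "is not valid base64")
                    continue
                if len(raw) not in KEY_LENGTHS[name]:
                    findings.append(f"{label}: {name} key {key.get('name')} is "
                                    f"{len(raw)} bytes; expected one of "
                                    f"{sorted(KEY_LENGTHS[name])}")
    return findings


def identity_last(config):
    """Return a copy with 'identity' moved to the end of every provider list, so the
    first (write) provider encrypts while old plaintext objects stay readable."""
    fixed = copy.deepcopy(config)
    for entry in fixed.get("resources", []):
        providers = entry.get("providers", [])
        plain = [p for p in providers if "identity" in p]
        entry["providers"] = [p for p in providers if "identity" not in p] + plain
    return fixed


if __name__ == "__main__":
    for line in audit_encryption_config(EXAMPLE_CONFIG) or ["no findings"]:
        print(line)
    print("after moving identity last:",
          audit_encryption_config(identity_last(EXAMPLE_CONFIG)) or "no findings")
```

Run as-is it reports the single finding for the page's YAML (identity first, so secrets would still land in etcd unencrypted) and no findings for the reordered copy; on a managed cluster such as AKS this file cannot be handed to the API server at all, so the check is useful where you run the control plane yourself or are reviewing a configuration someone else intends to apply.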

1 Answer

7/20/2019

The Kind: EncryptionConfiguration is understood only by the api-server via the flag --encryption-provider-config= (ref); in AKS, there’s no way to pass that flag to the api-server, as it’s a managed service. Feel free to request the feature in the public forum.

-- Alessandro Vozza
Source: StackOverflow