
Encryption

Kubernetes stores a variety of data including cluster state, application configurations, and secrets. Kubernetes supports the ability to encrypt cluster data at rest.

To encrypt data at rest, each member of the control plane has to know the encryption key.

So we will have to create one.

Encryption configuration

We have to create an encryption key first. To embed it into a YAML file, we have to base64-encode it.

ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)
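
The following is an added example, not the contents of this repository's encryption.sh: it generates the key as above, checks that it decodes to 32 bytes, and embeds it in a Kubernetes EncryptionConfiguration readable only by its owner. The function names, the key name key1, and the output path are assumptions.

```shell
#!/bin/sh
# Added example (not the repository's encryption.sh).
# Function names, the key name "key1" and the output path are assumptions.

# Generate 32 random bytes and print them base64-encoded on a single line.
generate_key() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Succeed only if $1 base64-decodes to exactly 32 bytes,
# the key size generated on this page.
key_is_valid() {
  [ "$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')" = "32" ]
}

# Write an EncryptionConfiguration for secrets to $2 using key $1.
# The first provider (aescbc) is used for writes; the trailing identity
# provider lets the API server still read data stored before encryption
# was enabled.
write_encryption_config() {
  key_is_valid "$1" || { echo "key must decode to 32 bytes" >&2; return 1; }
  (
    umask 077   # the file contains the key itself: owner-only access
    cat > "$2" <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: $1
      - identity: {}
EOF
  )
  chmod 600 "$2"   # also tighten the mode if the file already existed
}

# When run with an output path as argument, generate a key and write the file.
if [ -n "${1:-}" ]; then
  write_encryption_config "$(generate_key)" "$1"
fi
```

Anyone who can read the resulting file can decrypt the stored secrets, so it should be distributed only to the control plane members and kept out of version control.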

Install scripts

Make sure you're in k8s-the-hard-way/scripts

./encryption.sh

Last update: 2019-08-31 13:29:28