kubernetes-the-hard-way-on-lxd

This tutorial is based on Kelsey's tutorial to deploy Kubernetes 1.34.3 the hard way, but using LXC containers on a single host.

Generating the Data Encryption Config and Key

Kubernetes stores a variety of data including cluster state, application configurations, and secrets. Kubernetes supports the ability to encrypt cluster data at rest.

In this lab you will generate an encryption key and an encryption config suitable for encrypting Kubernetes Secrets.

The Encryption Key

Generate an encryption key:

export ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)

The Encryption Config File

Create the encryption-config.yaml encryption config file:

envsubst < configs/encryption-config.yaml \
  > encryption-config.yaml

Copy the encryption-config.yaml encryption config file to each master instance:

for instance in master-0 master-1 master-2; do
  lxc file push encryption-config.yaml ${instance}/home/ubuntu/
done
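
A check worth running on the rendered file before copying it to the masters, as an added example that is not part of the original tutorial: it catches an unrendered or empty key (envsubst writes an empty value when ENCRYPTION_KEY is not exported in the current shell), a key that does not decode to 32 bytes, and permissions wider than owner-only. It assumes each key sits on its own `secret: <base64>` line, as in the upstream Kubernetes the Hard Way template; `check_encryption_config` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the tutorial): validate a rendered encryption-config.yaml.
# Assumption: each key appears on its own "secret: <base64>" line, as in the
# upstream Kubernetes the Hard Way template; this repo's template is not shown.

check_encryption_config() (
  file=$1
  [ -r "$file" ] || { echo "cannot read $file"; return 1; }

  # A surviving placeholder means envsubst never processed the template.
  if grep -Fq '${ENCRYPTION_KEY}' "$file"; then
    echo "unrendered \${ENCRYPTION_KEY} placeholder"; return 1
  fi
  # envsubst substitutes an empty string when the variable is unset or not exported.
  if grep -Eq '^[[:space:]]*secret:[[:space:]]*$' "$file"; then
    echo "empty secret: ENCRYPTION_KEY was not set at render time"; return 1
  fi

  count=0
  for secret in $(sed -n 's/^[[:space:]]*secret:[[:space:]]*//p' "$file"); do
    count=$((count + 1))
    # Decode and count bytes; the tutorial's key is 32 random bytes.
    len=$(( $(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c) ))
    if [ "$len" -ne 32 ]; then
      echo "key $count decodes to $len bytes, expected 32"; return 1
    fi
  done
  [ "$count" -gt 0 ] || { echo "no secret entries found"; return 1; }

  # The file holds the raw key, so it should be readable by its owner only.
  case $(ls -ld "$file") in
    -rw-------*|-r--------*) ;;
    *) echo "permissions too open; chmod 600 $file"; return 1 ;;
  esac
  echo "ok: $count key(s), 32 bytes each"
)

# Usage: sh check.sh encryption-config.yaml
if [ "$#" -gt 0 ]; then check_encryption_config "$1"; fi
```

Running `umask 077` before the envsubst step makes the rendered file owner-only from the moment it is created.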

Next: Bootstrapping the etcd Cluster