kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #31387 from avoidik/patch-2 

Update encrypt-data.md - multi-master configuration notice
This commit is contained in:
Kubernetes Prow Robot 2022-02-01 05:48:18 -08:00 committed by GitHub
parent 3aed543250 241e635197
commit f53f7e9203
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
content/en/docs/tasks/administer-cluster/encrypt-data.md
View File

@ -27,6 +27,11 @@ The `kube-apiserver` process accepts an argument `--encryption-provider-config`
that controls how API data is encrypted in etcd. An example configuration that controls how API data is encrypted in etcd. An example configuration
is provided below. is provided below.
{{< caution >}}
**IMPORTANT:** For multi-master configurations (with two or more control plane nodes) the encryption configuration file must be the same!
Otherwise, the kube-apiserver can't decrypt data stored inside the key-value store.
{{< /caution >}}
## Understanding the encryption at rest configuration. ## Understanding the encryption at rest configuration.
```yaml ```yaml