How to Verify if the ETCD Secrets Are Encrypted or Not?

Problem

Environment

  • Platform9 Managed Kubernetes - v5.2 and above

  • Kubernetes v1.20 and above

  • Docker or Containerd

Answer

  • ETCD secret encryption can be verified with the etcdctl command-line utility.

  • ETCD secrets are stored at the path /registry/secrets/$namespace/$secret on the master node.

  • The command below can be used to verify whether a particular ETCD secret is encrypted.

# ETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 [...] | hexdump -C

Containerd:

# /opt/pf9/pf9-kube/bin/etcdctl --cacert=/etc/pf9/kube.d/certs/etcdctl/etcd/ca.crt --cert=/etc/pf9/kube.d/certs/etcdctl/etcd/request.crt --key=/etc/pf9/kube.d/certs/etcdctl/etcd/request.key  get /registry/secrets/default/secret1 [...] | hexdump -C
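Reading the hexdump by eye works for one secret; the added example below (not part of the original article or Platform9 tooling) automates the same check. It relies on the marker the Kubernetes API server writes at the start of an encrypted value, k8s:enc:<provider>:<version>:<key name>:, and treats any stored value without that marker as plaintext. The function name classify_etcd_secret and the sample byte strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify one etcd Secret value read from stdin.
# Feed it the output of the etcdctl "get" command shown above
# (in place of "| hexdump -C"). Works with or without the key line
# that etcdctl prints before the value.
# Prints: encrypted:<provider> | plaintext | missing
# Returns: 0 encrypted, 1 plaintext, 2 key not found (empty output)
classify_etcd_secret() {
    tmp=$(mktemp) || return 2
    cat > "$tmp"
    if [ ! -s "$tmp" ]; then
        # etcdctl prints nothing when the key does not exist
        rm -f "$tmp"
        echo "missing"
        return 2
    fi
    # Anchor at line start so marker-like text inside a plaintext
    # Secret's data is not mistaken for the real marker.
    # LC_ALL=C and -a make grep treat ciphertext bytes as text.
    prefix=$(LC_ALL=C grep -a -m1 -o '^k8s:enc:[a-z0-9]*:v[0-9]*:' "$tmp")
    rm -f "$tmp"
    if [ -n "$prefix" ]; then
        # Third colon-separated field is the provider (aescbc, kms, ...)
        echo "encrypted:$(printf '%s' "$prefix" | cut -d: -f3)"
        return 0
    fi
    echo "plaintext"
    return 1
}

# Constructed sample values, not real etcd output.
# 1) value written by an aescbc provider with a key named "key1"
printf '/registry/secrets/default/secret1\nk8s:enc:aescbc:v1:key1:\203\001\377' \
    | classify_etcd_secret
# 2) unencrypted protobuf value (starts with "k8s" followed by a NUL byte)
printf '/registry/secrets/default/secret1\nk8s\000\n\014\n\002v1\022\006Secret' \
    | classify_etcd_secret || true
```

A "plaintext" result for a secret created before encryption was enabled is expected until that secret is rewritten, since existing values are only encrypted on their next write.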
