Is --encryption-provider-config set on LKE?

I've been following this guide and was wondering if --encryption-provider-config is set on the LKE kube-apiserver?

I don't think LKE customers have access to the kube-apiserver to set this option.

3 Replies

Since LKE is a managed service, the kube-apiserver is managed on our end and not visible on the user end. Currently, we do not support encrypted secret data at rest within the kube-apiserver of LKE clusters.

That said, I can completely understand the desire to encrypt your data, so I've added your feedback to our internal tracker. While I cannot promise if/when we would implement this change, please know that we heavily factor customer feedback when prioritizing new feature requests or improvements.

Hi, i did a brief search on how the managed part of LKE is designed but could find whether it uses encryption at rest itself (i assume so) and if each customers dataset uses its own key.

We enjoy using linode, yet we cannot use it for our production system as it does not meet our security requirements.

That's my part on "customer feedback" :-)

Best wishes,


I'd like to expand on your question a bit further @dogman. The guide is targeted at Kubernetes administrators who are looking to secure their own non-managed Kubernetes clusters.

With LKE we manage the control plane of the cluster for you. This is why you are not able to access kube-apiserver. Please note that LKE does encrypt secrets by default.

If you're looking for additional ways to secure your cluster, you may be interested in implementing RBAC with LKE or looking into configuring a firewall as well. You can refer to the following guides:

@mfechtner noted!


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct