Is --encryption-provider-config set on LKE?

Since LKE is a managed service, the kube-apiserver is managed on our end and not visible on the user end. Currently, we do not support encrypted secret data at rest within the kube-apiserver of LKE clusters.

That said, I can completely understand the desire to encrypt your data, so I've added your feedback to our internal tracker. While I cannot promise if/when we would implement this change, please know that we heavily factor customer feedback when prioritizing new feature requests or improvements.

Hi, i did a brief search on how the managed part of LKE is designed but could find whether it uses encryption at rest itself (i assume so) and if each customers dataset uses its own key.

We enjoy using linode, yet we cannot use it for our production system as it does not meet our security requirements.

That's my part on "customer feedback" :-)

Best wishes,

Moritz

I'd like to expand on your question a bit further @dogman. The guide is targeted at Kubernetes administrators who are looking to secure their own non-managed Kubernetes clusters.

With LKE we manage the control plane of the cluster for you. This is why you are not able to access kube-apiserver. Please note that LKE does encrypt secrets by default.

If you're looking for additional ways to secure your cluster, you may be interested in implementing RBAC with LKE or looking into configuring a firewall as well. You can refer to the following guides:

• Getting Started with LKE (Linode Kubernetes Engine) | Linode Docs
• Securing k8s cluster (19155) | Linode Questions

@mfechtner noted!