View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions Is --encryption-provider-config set on LKE?
Log in to Ask a Question

Is --encryption-provider-config set on LKE?

kubernetes lke

I've been following this guide and was wondering if --encryption-provider-config is set on the LKE kube-apiserver?

I don't think LKE customers have access to the kube-apiserver to set this option.

4 Replies

Linode Staff

Since LKE is a managed service, the kube-apiserver is managed on our end and not visible on the user end. Currently, we do not support encrypted secret data at rest within the kube-apiserver of LKE clusters.

That said, I can completely understand the desire to encrypt your data, so I've added your feedback to our internal tracker. While I cannot promise if/when we would implement this change, please know that we heavily factor customer feedback when prioritizing new feature requests or improvements.

Hi, i did a brief search on how the managed part of LKE is designed but could find whether it uses encryption at rest itself (i assume so) and if each customers dataset uses its own key.

We enjoy using linode, yet we cannot use it for our production system as it does not meet our security requirements.

That's my part on "customer feedback" :-)

Best wishes,

Moritz

Linode Staff

I'd like to expand on your question a bit further @dogman. The guide is targeted at Kubernetes administrators who are looking to secure their own non-managed Kubernetes clusters.

With LKE we manage the control plane of the cluster for you. This is why you are not able to access kube-apiserver. Please note that LKE does encrypt secrets by default.

If you're looking for additional ways to secure your cluster, you may be interested in implementing RBAC with LKE or looking into configuring a firewall as well. You can refer to the following guides:

@mfechtner noted!

Thanks for answering, I appreciate you.You are correct; in a managed Kubernetes service like Linode's LKE, users typically do not have direct access to configure kube-apiserver options like --encryption-provider-config. Linode manages the control plane, and users interact with their cluster using Kubectl and the Kubernetes API. Being a student isn’t just about studying. It’s about experiencing new things, traveling, and living life. The academic workload can be daunting, but it’s part of the process. With the world of knowledge right at our fingertips, with books, the internet and expert professors at our fingertips, it’s not as intimidating as it might seem. Then this https://ukwritings.com/write-my-essay is the support that write my essay for me and The support that comes with the world of knowledge, with books, with the internet, and with expert professors at your fingertips. If you’ve ever wondered, ‘How can I write my essay for me?’, then you’ve come to the right place. Keep reading to find out more!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct