miwithro
miwithro
@https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview
@nilekhc with base64 yes. We are adding kms to AKS next month.
@clauney etcd by default is encrypted with base64 encoding. So we are adding KMS to make it more secure, and until that is there we recommend to not put secrets...
@clauney actually I recommend customers use CSI Secret Store https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-driver That externalizes the secrets, AKV can rotate the secrets, and it is an Azure supported solution. Once KMS comes out,...
@ahmad-hamade We will have a Public Preview within the next few weeks of KMS. This will not include key rotation support, as that is targeted for GA.
@LiorAlafiArmo we are releasing KMS etcd encrytion for AKS in Public Preview in the next few weeks as I eluded too above. I will refactor the document at that time.
https://docs.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption
Tentatively Aug 2022.
@lireanne I will add a note to the document about this. Please run az aks update --name --resource-group --enable-managed-identity --assign-identity $IDENTITY_RESOURCE_ID Then run az aks update --name --resource-group --enable-managed-identity --assign-identity...