Information
Encrypt etcd key-value store.
Rationale:
etcd is a highly available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should be encrypted at rest to avoid any disclosures.
Solution
Follow the Kubernetes documentation and configure a `EncryptionConfig` file. Then, edit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_API_ARGS` parameter to `'--experimental-encryption-provider-config='`: `KUBE_API_ARGS='--experimental-encryption-provider-config='`
Based on your system, restart the `kube-apiserver` service. For example: `systemctl restart kube-apiserver.service`
Impact:
None