Information
Where etcd encryption is used, appropriate providers should be configured.
Rationale:
Where etcd encryption is used, it is important to ensure that the appropriate set of encryption providers is used. Currently, the aescbc, kms and secretbox are likely to be appropriate options.
Solution
Follow the Kubernetes documentation and configure a EncryptionConfig file. In this file, choose aescbc, kms or secretbox as the encryption provider.
Impact:
None
Default Value:
By default, no encryption provider is set.
References:
https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
https://acotten.com/post/kube17-security
https://kubernetes.io/docs/admin/kube-apiserver/
https://github.com/kubernetes/features/issues/92
https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#providers