Most of the CLI commands used are mentioned in the table below.
|
Command used |
Purpose |
|---|---|
|
# docker load -i k8s-kms-plugin-hsm_v1.0.tar |
To load KMS plugin docker image. |
|
# chmod 755 kms_plugin_env_setup.sh |
To set all permission to owner. |
|
# ./kms_plugin_env_setup.sh |
To execute the environment setup script. |
|
# vi /etc/kubernetes/manifests/kms-plugin.yaml |
To create/edit KMS plugin yaml file. |
|
# vi /etc/kubernetes/manifests/kube-apiserver.yaml |
To edit kube-apiserver.yaml file. |
|
# vi /etc/kubernetes/encryption-config.yaml |
To create/edit encryption-config.yaml file. |
|
# kubectl create secret generic test-secret --from-literal=foo=bar |
To create a secret. |
|
# etcdctl get /registry/secrets/default/test-secret --print-value-only |
To verify encryption in etcd. |
|
# kubectl get pods -A |
To list all the pods running in Kubernetes cluster. |
|
# kubectl get secret test-secret -o yaml |
To verify decryption. |
|
# kubectl get secrets |
To view the created secrets. |
|
# kubectl get secrets --all-namespaces -o json | kubectl replace --force -f - |
To re encrypt existing secrets. |
|
# kubectl logs kms-plugin-v2-master-node -n kube-system |
To view the logs of KMS plugin pod running in the Kubernetes cluster. |
CLI commands used