Commit 0069ccd

Merge pull request #17133 from sethmanheim/kmsupd2-20
Pull commits for KMS plugin updates
2 parents 491117d + ce8d5c9 commit 0069ccd

49 files changed

+599
-2945
lines changed

.openpublishing.redirection.azure-local.json

Lines changed: 175 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1734,6 +1734,181 @@
17341734
"source_path": "azure-local/manage/storage-repair-speed.md",
17351735
"redirect_url": "/windows-server/storage/storage-spaces/storage-repair-speed",
17361736
"redirect_document_id": false
1737+
},
1738+
{
1739+
"source_path": "azure-local/known-issues-2311.md",
1740+
"redirect_url": "/azure/azure-local/known-issues",
1741+
"redirect_document_id": false
1742+
},
1743+
{
1744+
"source_path": "azure-local/known-issues-2311-2.md",
1745+
"redirect_url": "/azure/azure-local/known-issues",
1746+
"redirect_document_id": false
1747+
},
1748+
{
1749+
"source_path": "azure-local/known-issues-2311-3.md",
1750+
"redirect_url": "/azure/azure-local/known-issues",
1751+
"redirect_document_id": false
1752+
},
1753+
{
1754+
"source_path": "azure-local/known-issues-2311-4.md",
1755+
"redirect_url": "/azure/azure-local/known-issues",
1756+
"redirect_document_id": false
1757+
},
1758+
{
1759+
"source_path": "azure-local/known-issues-2311-5.md",
1760+
"redirect_url": "/azure/azure-local/known-issues",
1761+
"redirect_document_id": false
1762+
},
1763+
{
1764+
"source_path": "azure-local/known-issues-2402.md",
1765+
"redirect_url": "/azure/azure-local/known-issues",
1766+
"redirect_document_id": false
1767+
},
1768+
{
1769+
"source_path": "azure-local/known-issues-2402-1.md",
1770+
"redirect_url": "/azure/azure-local/known-issues",
1771+
"redirect_document_id": false
1772+
},
1773+
{
1774+
"source_path": "azure-local/known-issues-2402-2.md",
1775+
"redirect_url": "/azure/azure-local/known-issues",
1776+
"redirect_document_id": false
1777+
},
1778+
{
1779+
"source_path": "azure-local/known-issues-2402-3.md",
1780+
"redirect_url": "/azure/azure-local/known-issues",
1781+
"redirect_document_id": false
1782+
},
1783+
{
1784+
"source_path": "azure-local/known-issues-2402-4.md",
1785+
"redirect_url": "/azure/azure-local/known-issues",
1786+
"redirect_document_id": false
1787+
},
1788+
{
1789+
"source_path": "azure-local/known-issues-2405.md",
1790+
"redirect_url": "/azure/azure-local/known-issues",
1791+
"redirect_document_id": false
1792+
},
1793+
{
1794+
"source_path": "azure-local/known-issues-2405-1.md",
1795+
"redirect_url": "/azure/azure-local/known-issues",
1796+
"redirect_document_id": false
1797+
},
1798+
{
1799+
"source_path": "azure-local/known-issues-2405-2.md",
1800+
"redirect_url": "/azure/azure-local/known-issues",
1801+
"redirect_document_id": false
1802+
},
1803+
{
1804+
"source_path": "azure-local/known-issues-2405-3.md",
1805+
"redirect_url": "/azure/azure-local/known-issues",
1806+
"redirect_document_id": false
1807+
},
1808+
{
1809+
"source_path": "azure-local/known-issues-2408.md",
1810+
"redirect_url": "/azure/azure-local/known-issues",
1811+
"redirect_document_id": false
1812+
},
1813+
{
1814+
"source_path": "azure-local/known-issues-2408-1.md",
1815+
"redirect_url": "/azure/azure-local/known-issues",
1816+
"redirect_document_id": false
1817+
},
1818+
{
1819+
"source_path": "azure-local/known-issues-2408-2.md",
1820+
"redirect_url": "/azure/azure-local/known-issues",
1821+
"redirect_document_id": false
1822+
},
1823+
{
1824+
"source_path": "azure-local/known-issues-2411.md",
1825+
"redirect_url": "/azure/azure-local/known-issues",
1826+
"redirect_document_id": false
1827+
},
1828+
{
1829+
"source_path": "azure-local/known-issues-2411-1.md",
1830+
"redirect_url": "/azure/azure-local/known-issues",
1831+
"redirect_document_id": false
1832+
},
1833+
{
1834+
"source_path": "azure-local/known-issues-2411-2.md",
1835+
"redirect_url": "/azure/azure-local/known-issues",
1836+
"redirect_document_id": false
1837+
},
1838+
{
1839+
"source_path": "azure-local/security-update/security-update-nov-2023.md",
1840+
"redirect_url": "/azure/azure-local/security-update/security-update",
1841+
"redirect_document_id": false
1842+
},
1843+
{
1844+
"source_path": "azure-local/security-update/security-update-dec-2023.md",
1845+
"redirect_url": "/azure/azure-local/security-update/security-update",
1846+
"redirect_document_id": false
1847+
},
1848+
{
1849+
"source_path": "azure-local/security-update/security-update-jan-2024.md",
1850+
"redirect_url": "/azure/azure-local/security-update/security-update",
1851+
"redirect_document_id": false
1852+
},
1853+
{
1854+
"source_path": "azure-local/security-update/security-update-feb-2024.md",
1855+
"redirect_url": "/azure/azure-local/security-update/security-update",
1856+
"redirect_document_id": false
1857+
},
1858+
{
1859+
"source_path": "azure-local/security-update/security-update-mar-2024.md",
1860+
"redirect_url": "/azure/azure-local/security-update/security-update",
1861+
"redirect_document_id": false
1862+
},
1863+
{
1864+
"source_path": "azure-local/security-update/security-update-apr-2024.md",
1865+
"redirect_url": "/azure/azure-local/security-update/security-update",
1866+
"redirect_document_id": false
1867+
},
1868+
{
1869+
"source_path": "azure-local/security-update/security-update-may-2024.md",
1870+
"redirect_url": "/azure/azure-local/security-update/security-update",
1871+
"redirect_document_id": false
1872+
},
1873+
{
1874+
"source_path": "azure-local/security-update/security-update-jun-2024.md",
1875+
"redirect_url": "/azure/azure-local/security-update/security-update",
1876+
"redirect_document_id": false
1877+
},
1878+
{
1879+
"source_path": "azure-local/security-update/security-update-jul-2024.md",
1880+
"redirect_url": "/azure/azure-local/security-update/security-update",
1881+
"redirect_document_id": false
1882+
},
1883+
{
1884+
"source_path": "azure-local/security-update/security-update-aug-2024.md",
1885+
"redirect_url": "/azure/azure-local/security-update/security-update",
1886+
"redirect_document_id": false
1887+
},
1888+
{
1889+
"source_path": "azure-local/security-update/security-update-sep-2024.md",
1890+
"redirect_url": "/azure/azure-local/security-update/security-update",
1891+
"redirect_document_id": false
1892+
},
1893+
{
1894+
"source_path": "azure-local/security-update/security-update-oct-2024.md",
1895+
"redirect_url": "/azure/azure-local/security-update/security-update",
1896+
"redirect_document_id": false
1897+
},
1898+
{
1899+
"source_path": "azure-local/security-update/security-update-nov-2024.md",
1900+
"redirect_url": "/azure/azure-local/security-update/security-update",
1901+
"redirect_document_id": false
1902+
},
1903+
{
1904+
"source_path": "azure-local/security-update/security-update-dec-2024.md",
1905+
"redirect_url": "/azure/azure-local/security-update/security-update",
1906+
"redirect_document_id": false
1907+
},
1908+
{
1909+
"source_path": "azure-local/security-update/security-update-jan-2025.md",
1910+
"redirect_url": "/azure/azure-local/security-update/security-update",
1911+
"redirect_document_id": false
17371912
}
17381913
]
17391914
}
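Review bot: The monthly `security-update-nov-2023.md` through `security-update-jan-2025.md` entries at the end of this hunk all redirect to the single `/azure/azure-local/security-update/security-update` page, and every versioned `known-issues-*.md` path redirects to `/azure/azure-local/known-issues`. Please confirm that the two target pages still carry the per-month and per-release history, because existing links to a specific month's security update will otherwise land on a page that no longer lists it.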

AKS-Arc/aks-edge-deployment-config-json.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Description of deployment configuration JSON parameters in AKS Edge
44
author: sethmanheim
55
ms.author: sethm
66
ms.topic: conceptual
7-
ms.date: 07/11/2024
7+
ms.date: 02/20/2025
88
ms.custom: template-concept
99
---
1010

@@ -21,6 +21,7 @@ You can find the complete JSON schema file at `C:\Program Files\AksEdge\aksedge-
2121
| `DeploymentType` |[`SingleMachineCluster` / `ScalableCluster`]| Specifies deployment type. In `ScalableCluster`, you can add more machines to the cluster infrastructure. | `SingleMachineCluster` |Single-machine and full deployment|
2222
| `Init.ServiceIPRangeStart` |IPv4 address `A.B.C.x`.|Reserved IP start address for your Kubernetes services. This IP range must be free on your subnet **A.B.C.0**.| None |Single-machine and full deployment|
2323
| `Init.ServiceIPRangeSize` |`[0-127]`|Number of reserved IP start addresses for your Kubernetes services. Based on the size, we allocate a range of free IP addresses on your subnet. | `0` |Single-machine and full deployment|
24+
| `Init.KmsPlugin.Enable` |Boolean| Enables the KMS plugin | false |Single-machine and full deployment|
2425
| `Join.ClusterJoinToken` |String|`Reserved` | None |Full deployment only|
2526
| `Join.DiscoveryTokenHash` |String|`Reserved`| None |Full deployment only|
2627
| `Join.CertificateKey` |String|`Reserved`| None |Full deployment only|
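Review bot: The new `Init.KmsPlugin.Enable` row marks the setting as supported in "Single-machine and full deployment", but the how-to updated in this same commit says the KMS plugin "can only be used for single node clusters". Align the last column with that note, wrap the default in backticks (`false`) like the `0` and `SingleMachineCluster` defaults in the neighbouring rows, and consider saying in the description that the flag can only be set when the deployment is created.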

AKS-Arc/aks-edge-howto-secret-encryption.md

Lines changed: 19 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Learn how to enable the KMS plugin for AKS Edge Essentials clusters
44
author: sethmanheim
55
ms.author: sethm
66
ms.topic: how-to
7-
ms.date: 02/13/2025
7+
ms.date: 02/20/2025
88
ms.custom: template-how-to
99
ms.reviewer: leslielin
1010
---
@@ -25,7 +25,7 @@ This article demonstrates how to activate the KMS plugin for AKS Edge Essentials
2525
The KMS plugin is supported for all AKS Edge Essentials clusters, version 1.10.xxx.0 and later.
2626

2727
> [!NOTE]
28-
> The KMS plugin can only be used for single node clusters. The plugin can't be used with [experimental features such as multi-node and Windows node](aks-edge-system-requirements.md#experimental-or-prerelease-features).
28+
> The KMS plugin can only be used for single node clusters. The plugin can't be used with [experimental features such as multi-node](aks-edge-system-requirements.md#experimental-or-prerelease-features).
2929
3030
## Enable the KMS plugin
3131
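Review bot: Dropping "and Windows node" from the note reads as a support change, yet the sentence before it still limits the plugin to single node clusters and nothing else in the visible change says Windows nodes are now supported. If they are, state it explicitly in the note; if the edit is only a wording cleanup, keep the exclusion.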

@@ -50,6 +50,22 @@ For deployment instructions, see [Single machine deployment](aks-edge-howto-sing
5050
> [!NOTE]
5151
> You can only enable or disable the KMS plugin when you create a new deployment. Once you set the flag, it can't be changed.
5252
53+
## Verify that the KMS plugin is enabled
54+
55+
To verify that the KMS plugin is enabled, run the following command and ensure that the health status of **kms-providers** is **OK**:
56+
57+
```powershell
58+
kubectl get --raw='/readyz?verbose'
59+
```
60+
61+
```output
62+
[+]ping ok
63+
[+]Log ok
64+
[+]etcd ok
65+
[+]kms-providers ok
66+
[+]poststarthook/start-encryption-provider-config-automatic-reload ok
67+
```
68+
5369
To create secrets in AKS Edge Essentials clusters, see [Managing Secrets using kubectl](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#use-raw-data) in the Kubernetes documentation.
5470

5571
If you encounter errors, see the [Troubleshooting](#troubleshooting) section.
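Review bot: The new `## Verify that the KMS plugin is enabled` heading is inserted above the existing "To create secrets in AKS Edge Essentials clusters" and "If you encounter errors" paragraphs, so both now sit under the verification section instead of the enable section. Move the new section below them or give those paragraphs their own heading. The prose also asks for a status of **OK** while the sample output shows lowercase `ok`; match the text to the output so readers know which string to look for.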
@@ -66,19 +82,7 @@ If there are errors with the KMS plugin, follow this procedure:
6682

6783
If the version is older, upgrade to the latest version. For more information, see [Upgrade an AKS cluster](aks-edge-howto-update.md).
6884

69-
1. View the `readyz` API. If the problem persists, validate that the installation succeeded. To check the health of the KMS plugin, run the following command and ensure that the health status of **kms-providers** is **OK**:
70-
71-
```powershell
72-
kubectl get --raw='/readyz?verbose'
73-
```
74-
75-
```output
76-
[+]ping ok
77-
[+]Log ok
78-
[+]etcd ok
79-
[+]kms-providers ok
80-
[+]poststarthook/start-encryption-provider-config-automatic-reload ok
81-
```
85+
1. View the `readyz` API. If the problem persists, verify that the KMS plugin is enabled. See the [Verify that the KMS plugin is enabled](#verify-that-the-kms-plugin-is-enabled) section.
8286

8387
If you receive "**[-]**" before the `kms-providers` field, collect diagnostic logs for debugging. For more information, see [Get kubelet logs from cluster nodes](aks-get-kubelet-logs.md).
8488
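Review bot: Step 1 still opens with "View the `readyz` API", but the command and sample output were removed from this step, so the reader is told to view something and then sent to another section to find out how. Fold the two sentences into one instruction that links to the verification section, and check that the following line about "**[-]**" before `kms-providers` still makes sense now that the output it refers to is no longer shown here.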

AKS-Arc/aks-edge-workload-identity.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Learn how to configure an AKS Edge Essentials cluster with workload
44
author: sethmanheim
55
ms.author: sethm
66
ms.topic: how-to
7-
ms.date: 02/12/2025
7+
ms.date: 02/20/2025
88
ms.reviewer: leslielin
99

1010
---

AKS-Arc/reference/aks-edge-ps/TOC.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,8 @@
4242
href: remove-aksedgedeployment.md
4343
- name: Remove-AksEdgeNode
4444
href: remove-aksedgenode.md
45+
- name: Repair-AksEdgeKms
46+
href: repair-aksedgekms.md
4547
- name: Set-AksEdgeNodeToDrain
4648
href: set-aksedgenodetodrain.md
4749
- name: Set-AksEdgeUpgrade

AKS-Arc/reference/aks-edge-ps/index.md

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: PowerShell cmdlets for AKS Edge Essentials
44
author: rcheeran
55
ms.author: rcheeran
66
ms.topic: reference
7-
ms.date: 01/31/2023
7+
ms.date: 02/20/2025
88
---
99

1010
# AKS Edge Essentials PowerShell module
@@ -91,13 +91,17 @@ Removes the deployment from an existing cluster.
9191

9292
Removes a local node from an existing cluster.
9393

94+
### [Repair-AksEdgeKms](./repair-aksedgekms.md)
95+
96+
Repairs the KMS plugin for an existing cluster.
97+
9498
### [Set-AksEdgeBillingPodState](./set-aksedgebillingpodstate.md)
9599

96-
Allows AIDE front end to set Billing pod state after joining Arc through Azure CLI.
100+
Allows AIDE front end to set Billing pod state after joining Arc through Azure CLI.
97101

98102
### [Set-AksEdgeNodeConnectivityMode](./set-aksedgenodeconnectivitymode.md)
99103

100-
Sets AKS Edge Essentials node connectivity mode.
104+
Sets AKS Edge Essentials node connectivity mode.
101105

102106
### [Set-AksEdgeNodeToDrain](./set-aksedgenodetodrain.md)
103107

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
---
2+
title: Repair-AksEdgeKms for AKS Edge
3+
description: The Repair-AksEdgeKms command repairs the KMS plugin for an existing cluster
4+
author: sethmanheim
5+
ms.topic: reference
6+
ms.date: 2/20/2025
7+
ms.author: sethm
8+
ms.lastreviewed: 2/20/2025
9+
ms.reviewer: khareanushka
10+
11+
---
12+
13+
14+
# Repair-AksEdgeKms
15+
16+
Repairs the KMS plugin for an existing cluster.
17+
18+
## Syntax
19+
20+
```powershell
21+
Repair-AksEdgeKms
22+
```
23+
24+
## Description
25+
26+
This command repairs the KMS plugin for an existing cluster. This function is supported only for single node and scalable clusters. To get the KMS plugin back to a healthy state, the command rehydrates **nodeagent** tokens required for key rotation.
27+
28+
## Examples
29+
30+
### Repair the KMS plugin
31+
32+
```powershell
33+
Repair-AksEdgeKms
34+
```
35+
36+
### CommonParameters
37+
38+
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
39+
40+
## Next steps
41+
42+
[AksEdge PowerShell Reference](./index.md)
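Review bot: The Description says the command "is supported only for single node and scalable clusters", which conflicts with the how-to note in this commit that the KMS plugin "can only be used for single node clusters"; one of the two needs correcting. Structurally, `### CommonParameters` is nested under `## Examples` and should be its own `##` section, and the front matter has a blank line before the closing `---`. The Description would also be more useful if it said what symptom should prompt running `Repair-AksEdgeKms`, since it only states that the **nodeagent** tokens are rehydrated.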
