AKS-Arc/aks-edge-howto-add-secrets-encryption-preview.md
Lines changed: 16 additions & 22 deletions
Original file line number
Diff line number
Diff line change
@@ -28,46 +28,40 @@ The KMS plugin will be supported for all AKS EE clusters version 1.10.xxx.0 and
28
28
> [!NOTE]
29
29
> You can only enable or disable the KMS Plugin when creating a new deployment. Once you set the flag, it can't be changed unless you remove the deployment or node.
30
30
31
-
1. Installing the KMS Plugin
32
-
- Install the single machine deployment using the [Single Machine Kubernetes guide](aks-edge-concept-clusters-nodes.md) guide
33
-
- During the first step in the single machine deployment process, create an **aksedge-config.json** file. In the **aksedge-config file**, in the Init section, set Init.KmsPlugin.Enable to True as shown below:
34
-
35
-
```JSON
36
-
"Init": {
37
-
"KmsPlugin": {
38
-
"Enable": true
39
-
}
40
-
}
31
+
1. Deploying the AKS EE clusters
32
+
Refer to the [AKS EE deployment guide](aks-edge-howto-deploy.md) to create a new AKS EE cluster.
33
+
The following line will be present if KMS plugin is enabled:
34
+
```powershell
35
+
Preparing to install kms-plugin as encryption provider...
41
36
```
42
-
A new deployment has been created when you see the following message:
43
-
:::image type="content" source="media/aks-edge/aks-ee-successful-deployement.jpg" alt-text="Screenshot showing new deployement." lightbox="media/aks-edge/aks-ee-successful-deployement.jpg":::
44
-
45
-
2. Validating KMS Installation
46
-
The following sections describe how to validate the KMS plugin installation for AKS EE cluster
47
37
48
38
**Create and retrieve a secret which is encrypted using KMS**
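Review bot: Step 1 in its new form never tells the reader to set Init.KmsPlugin.Enable, although the NOTE kept just above it says the plugin can only be enabled or disabled when creating a new deployment. A reader who follows the link to the deployment guide can finish a deployment where the flag was never set, and per that NOTE the only remedy is removing the deployment or node. Keep the removed "Init": { "KmsPlugin": { "Enable": true } } snippet, or at least one sentence naming the setting, ahead of the link. Separately, "Preparing to install kms-plugin as encryption provider..." is deployment output rather than a command, so the powershell fence tag is misleading, and the sentence introducing it should say where that line appears.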
If there are errors with the KMS plugin, please run the following commands.
65
60
66
61
1. Check that the AKS version is **1.10.xxx.0** and later
67
62
Use the following command to check for upgrades for Kubernetes Cluster. Please refer to [upgrade an AKS Cluster](aks-edge-howto-update.md) for more information.
68
-
69
-
```shell
70
-
az aks get-upgrades --resource-group myResourceGroup --name myAKSCluster --output table
63
+
```powershell
64
+
Get-AksEdgeCluster -Name <cluster-name> | Select-Object -ExpandProperty Version
71
65
```
72
66
2. View readyz api
73
67
If the problem persists, then validate that installation succeeded and to check the health of the KMS plugin run the following command and ensure that the health status of kms-providers is "ok"
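Review bot: In troubleshooting step 1, the sentence left as context, "Use the following command to check for upgrades for Kubernetes Cluster", no longer describes the command under it: the replacement line pipes Get-AksEdgeCluster into Select-Object -ExpandProperty Version, which reads a version rather than checking for upgrades. Reword the sentence to say the command prints the cluster version for comparison against 1.10.xxx.0, and say what to substitute for <cluster-name>. The step title would also read better as "1.10.xxx.0 or later".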
@@ -77,7 +71,7 @@ If the problem persists, then validate that installation succeeded and to check
If you receive [-] before the output then collect Diagnostic Logs for debugging. Refer to the link instructions [here](aks-get-kubelet-logs.md) for more information.
74
+
If you receive [-] before the 'kms-provider' field then collect Diagnostic Logs for debugging. Refer to the link instructions [here](aks-get-kubelet-logs.md) for more information.
81
75
82
76
3. Repair KMS
83
77
If there are still errors then the machine running the AKS EE cluster could have been paused or turned off for extended periods of time (over 30 days) the Repair-Kms command can be run to rehydrates any necessary tokens to get KMS back in a healthy state.
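Review bot: The new wording refers to the 'kms-provider' field, while the sentence just above the hunk tells the reader to check the health status of kms-providers; use one spelling, ideally the exact string from the readyz output, so the [-] marker can be matched to the right line. The link text "here" could also name its target, since it points at aks-get-kubelet-logs.md while the sentence asks for Diagnostic Logs.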