AKS-Arc/aks-edge-howto-add-secrets-encryption-preview.md
22 additions & 16 deletions
@@ -28,40 +28,46 @@ The KMS plugin will be supported for all AKS EE clusters version 1.10.xxx.0 and
28
28
> [!NOTE]
29
29
> You can only enable or disable the KMS Plugin when creating a new deployment. Once you set the flag, it can't be changed unless you remove the deployment or node.
30
30
31
-
1. Deploying the AKS EE clusters
32
-
Refer to the [AKS EE deployment guide](aks-edge-howto-deploy.md) to create a new AKS EE cluster.
33
-
The following line will be present if KMS plugin is enabled:
34
-
```powershell
35
-
Preparing to install kms-plugin as encryption provider...
31
+
1. Installing the KMS Plugin
32
+
- Install the single machine deployment using the [Single Machine Kubernetes guide](aks-edge-concept-clusters-nodes.md) guide
33
+
- During the first step in the single machine deployment process, create an **aksedge-config.json** file. In the **aksedge-config file**, in the Init section, set Init.KmsPlugin.Enable to True as shown below:
34
+
35
+
```JSON
36
+
"Init": {
37
+
"KmsPlugin": {
38
+
"Enable": true
39
+
}
40
+
}
36
41
```
42
+
A new deployment has been created when you see the following message:
43
+
:::image type="content" source="media/aks-edge/aks-ee-successful-deployement.jpg" alt-text="Screenshot showing new deployement." lightbox="media/aks-edge/aks-ee-successful-deployement.jpg":::
44
+
45
+
2. Validating KMS Installation
46
+
The following sections describe how to validate the KMS plugin installation for AKS EE cluster
37
47
38
48
**Create and retrieve a secret which is encrypted using KMS**
:::image type="content" source="media/aks-edge/aks-ee-successful-secret-create.jpg" alt-text="Screenshot showing secret creation and retrieval." lightbox="media/aks-edge/aks-ee-successful-secret-create.jpg":::
55
61
56
-
```
57
62
58
63
## Troubleshooting
59
64
If there are errors with the KMS plugin, please run the following commands.
60
65
61
66
1. Check that the AKS version is **1.10.xxx.0** and later
62
67
Use the following command to check for upgrades for Kubernetes Cluster. Please refer to [upgrade an AKS Cluster](aks-edge-howto-update.md) for more information.
63
-
```powershell
64
-
Get-AksEdgeCluster -Name <cluster-name> | Select-Object -ExpandProperty Version
68
+
69
+
```shell
70
+
az aks get-upgrades --resource-group myResourceGroup --name myAKSCluster --output table
65
71
```
66
72
2. View readyz api
67
73
If the problem persists, then validate that installation succeeded and to check the health of the KMS plugin run the following command and ensure that the health status of kms-providers is "ok"
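Review bot: In troubleshooting step 1, the replacement command `az aks get-upgrades --resource-group myResourceGroup --name myAKSCluster --output table` does not match the step it sits under. The step asks the reader to confirm the AKS version is 1.10.xxx.0 or later, and the removed `Get-AksEdgeCluster -Name <cluster-name> | Select-Object -ExpandProperty Version` line printed a version directly. The new command lists upgrades for a cluster addressed by resource group, and the text does not say which column to compare against 1.10.xxx.0 or how `myResourceGroup` and `myAKSCluster` map to an AKS EE deployment. Either keep a command that prints the installed version or add that explanation. Smaller points in the same hunk: "[Single Machine Kubernetes guide](...) guide" repeats "guide"; the prose says to set Init.KmsPlugin.Enable to "True" while the JSON uses `true`; the new image path and alt text spell "deployement"; the removed log line "Preparing to install kms-plugin as encryption provider..." was searchable text and is now only a screenshot; and because the NOTE above says the flag can't be changed after deployment, the install step should repeat that where the reader edits aksedge-config.json.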
@@ -71,7 +77,7 @@ If the problem persists, then validate that installation succeeded and to check
If you receive [-] before the 'kms-provider' field then collect Diagnostic Logs for debugging. Refer to the link instructions [here](aks-get-kubelet-logs.md) for more information.
80
+
If you receive [-] before the output then collect Diagnostic Logs for debugging. Refer to the link instructions [here](aks-get-kubelet-logs.md) for more information.
75
81
76
82
3. Repair KMS
77
83
If there are still errors then the machine running the AKS EE cluster could have been paused or turned off for extended periods of time (over 30 days) the Repair-Kms command can be run to rehydrates any necessary tokens to get KMS back in a healthy state.
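Review bot: The reworded line "If you receive [-] before the output" drops the check name that the removed line carried ('kms-provider'), so the reader can no longer tell which readyz entry the [-] refers to. The step text still tells the reader to confirm that the health status of kms-providers is "ok", so keep the field name here and spell it the same way in both places (the old line used 'kms-provider', the step uses kms-providers). "Refer to the link instructions [here]" would also read better with the link text naming its target, aks-get-kubelet-logs.md, rather than "here".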