Encrypt etcd secrets for Azure Kubernetes Service clusters
Applies to: AKS on Azure Stack HCI 22H2, AKS on Windows Server
This article describes how to monitor and troubleshoot the encryption of etcd secrets for Azure Kubernetes Service (AKS) management clusters and workload clusters in AKS enabled by Azure Arc.
A secret in Kubernetes is an object that contains a small amount of sensitive data, such as passwords and SSH keys. In the Kubernetes API server, secrets are stored in etcd, which is a highly available key values store used as the Kubernetes backing store for all cluster data. AKS Arc comes with encryption of etcd secrets and automates the management and rotation of encryption keys.
Monitor and troubleshoot
To simplify application deployment on Kubernetes clusters, review the documentation and scripts.
- To set up logging using Elasticsearch, Fluent Bit, and Kibana, follow the steps to install the tools and set up logging.
- To use the monitoring tool Prometheus, follow the steps to install Prometheus in a Kubernetes cluster.
Note
You can find the logs on the control plane node under /var/log/pods.
Additional resources
Next steps
In this how-to guide, you learned how to monitor and troubleshoot the encryption of etcd secrets for management and workload clusters. Next, you can:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for