The purpose of this prototype is to provide a deployment of the Kubernetes API server in which the etcd store is encrypted. This requires adding an encryption configuration YAML file and modifying the default configuration of the Kubernetes API server within minikube. Because minikube generates the API server configuration programmatically, these changes must be made after minikube has started.

| Core Infrastructure | Version |
|---|---|
| Minikube | 1.34.0 |
| Kubernetes | 1.31.0 |
| Docker | 27.2.0 |

| Name | Description |
|---|---|
| Ubuntu | 20.04.6 LTS |
| Processor | Intel® Core™ i7-7700K CPU @ 4.20GHz × 8 |
| Memory | 64 GB |

Instructions for deploying the Core Infrastructure dependencies listed above are NOT included in this set of prototypes, because each of them has numerous deployment guides better suited to your particular OS.
Note: The commands within the script file (Step-1-startMinikube.sh) are meant to be copied and pasted (one or a few lines at a time) into a terminal, not run as an automated bash script.
Steps used within this prototype are as follows:
- Delete existing minikube
- Create fresh minikube
- Enable and open dashboard
- Generate the etcd encryption key
- Load the encryption key into the encryptConfig.yaml
- Mount a minikube directory
- Create encryption directories and copy encryptConfig.yaml to it.
- Change to the manifests directory where the apiserver.yaml is
- Edit the apiserver.yaml by adding 3 lines/sections configuring the encryption.
- Let the apiserver refresh itself within minikube
- Test that the changes are successful.
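
The key-generation, configuration-file and verification steps above, as an added example in shell (not the prototype's own scripts). The `aescbc` provider, the key name `key1` and the function names are assumptions, since the page does not show the contents of encryptConfig.yaml.

```shell
#!/usr/bin/env bash
# Added example. Provider (aescbc), key name (key1) and function names
# are assumptions; the page does not show its own encryptConfig.yaml.

# Generate a 32-byte random key, base64-encoded on a single line.
# 32 bytes is the AES-256 key size accepted by the aescbc provider.
gen_key() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Write an EncryptionConfiguration that encrypts Secrets.
#   $1 = output path, $2 = base64 key from gen_key
# The file contains the key in clear text, so it is written owner-only.
write_encrypt_config() {
  ( umask 077; cat > "$1" ) <<EOF
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: $2
      - identity: {}
EOF
  chmod 600 "$1"   # also tighten a pre-existing file
}

# Read a raw etcd value on stdin and succeed only if it carries the
# encrypted-at-rest prefix that the aescbc provider puts on stored data.
# A Secret stored by the identity provider has no such prefix.
is_encrypted() {
  grep -a -q 'k8s:enc:aescbc:v1:'
}
```

The API server reads this file through its `--encryption-provider-config` flag. The value to pipe into `is_encrypted` is what `etcdctl get` returns for a Secret's key under `/registry/secrets/`.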
Whenever the command "minikube start" is run, the encryption configuration must be reapplied, because a start reverts the API server configuration to the programmatically generated one.
A restartMinikube.sh script has been provided to do this. It basically follows the same steps as above.