Encrypt etcd secrets for Azure Kubernetes Service clusters

Applies to: AKS on Azure Stack HCI 22H2, AKS on Windows Server

This article describes how to monitor and troubleshoot the encryption of etcd secrets for Azure Kubernetes Service (AKS) management clusters and workload clusters in AKS enabled by Azure Arc.

A secret in Kubernetes is an object that contains a small amount of sensitive data, such as passwords and SSH keys. The Kubernetes API server stores secrets in etcd, a highly available key-value store that Kubernetes uses as the backing store for all cluster data. AKS Arc comes with encryption of etcd secrets and automates the management and rotation of encryption keys.

Monitor and troubleshoot

To simplify application deployment on Kubernetes clusters, review the documentation and scripts.

Note

You can find the logs on the control plane node under /var/log/pods.
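
One way to confirm from a control plane node that a secret is stored encrypted in etcd, as an added example that is not part of the original article or of AKS Arc tooling: it classifies a raw etcd value by the prefix that upstream Kubernetes writes. The function names, the sample values, the plugin name `example-plugin`, and the certificate paths in the comment are assumptions.

```shell
#!/bin/sh
# Added example: classify a raw etcd value for a Kubernetes Secret.
# Upstream Kubernetes prefixes encrypted values with
#   k8s:enc:<provider>:<version>:<key-or-plugin-name>:
# and stores unencrypted values as protobuf starting with the bytes "k8s\0".

# On a control plane node, save the raw value first. The certificate paths are
# kubeadm defaults and the secret name is a placeholder (assumptions):
#   ETCDCTL_API=3 etcdctl \
#     --cacert=/etc/kubernetes/pki/etcd/ca.crt \
#     --cert=/etc/kubernetes/pki/etcd/server.crt \
#     --key=/etc/kubernetes/pki/etcd/server.key \
#     get /registry/secrets/default/<secret-name> --print-value-only > value.bin

# Prints a verdict; returns 0 if encrypted, 1 if plaintext, 2 otherwise.
classify_etcd_value() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    start=$(LC_ALL=C head -c 8 "$f" | tr -d '\000')
    if [ "$start" = "k8s:enc:" ]; then
        # Keep the leading printable run, then take provider:version:name.
        hdr=$(LC_ALL=C head -c 256 "$f" | LC_ALL=C tr -c '[:print:]' '\n' |
              head -n 1 | cut -d: -f3-5)
        echo "encrypted $hdr"
        return 0
    fi
    magic=$(LC_ALL=C head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    case $magic in
        6b387300) echo "plaintext protobuf"; return 1 ;;  # "k8s\0"
        7b*)      echo "plaintext json"; return 1 ;;      # leading "{"
        *)        echo "unknown"; return 2 ;;
    esac
}

# Constructed sample values (not captured from a real cluster).
make_samples() {
    dir=$1
    printf 'k8s:enc:kms:v1:example-plugin:\001\002\377\000payload' > "$dir/enc.bin"
    printf 'k8s\000\n\014\n\002v1\022\006Secret' > "$dir/plain.bin"
    printf '{"kind":"Secret","apiVersion":"v1"}' > "$dir/json.bin"
    printf '\000\001\002\003' > "$dir/other.bin"
}
```

A `plaintext` verdict for a secret written after encryption was enabled is the case to investigate in the logs under /var/log/pods.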
