I am trying to integrate the AWS KMS plugin with kube-apiserver. I'm using the aws-encryption-provider
Docker image for my testing. I am running aws-encryption-provider as a Docker container, and when I try to run a k3s single-node cluster it is failing, and the failure is in kube-apiserver.
Since the KMS plugin and KMS provider communication is not set up, is the kube-apiserver failure expected?
Please note that I have confirmed that the KMS plugin is up and running by sending a /healthz request.
```
[+]ping ok
[+]log ok
[+]etcd ok
[-]kms-provider-0 failed: reason withheld
[+]poststarthook/start-kube-apiserver-admission-initializer ok
[+]poststarthook/generic-apiserver-start-informers ok
[+]poststarthook/start-apiextensions-informers ok
[+]poststarthook/start-apiextensions-controllers ok
[+]poststarthook/crd-informer-synced ok
[+]poststarthook/bootstrap-controller ok
[+]poststarthook/rbac/bootstrap-roles ok
[+]poststarthook/scheduling/bootstrap-system-priority-classes ok
[+]poststarthook/start-cluster-authentication-info-controller ok
[+]poststarthook/start-kube-aggregator-informers ok
[+]poststarthook/apiservice-registration-controller ok
[+]poststarthook/apiservice-status-available-controller ok
[+]poststarthook/kube-apiserver-autoregistration ok
[+]autoregister-completion ok
[+]poststarthook/apiservice-openapi-controller ok
```
Cluster information:
Kubernetes version: v1.18.6+k3s1
Cloud being used: (put bare-metal if not on a public cloud)
Installation method: K3s
Host OS: Ubuntu
CNI and version:
CRI and version:
```yaml
apiVersion: v1          # Pod is in the core API group, not apps/v1
kind: Pod
metadata:
  name: aws-encryption-provider
  namespace: default
spec:                   # a Pod spec has no replicas field
  containers:
  - image: tapanhalani/aws-encryption-provider
    name: aws-encryption-provider
    command:
    - /aws-encryption-provider
    - --key=arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    - --region=us-west-2
    # gRPC endpoint kube-apiserver will dial: a unix socket on the shared hostPath
    - --listen=/var/run/kmsplugin/socket.sock
    ports:
    - containerPort: 8080      # HTTP health endpoint of the plugin
      protocol: TCP
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
    volumeMounts:
    - mountPath: /var/run/kmsplugin
      name: var-run-kmsplugin
  volumes:
  - name: var-run-kmsplugin
    hostPath:
      path: /var/run/kmsplugin   # must be the same path kube-apiserver sees on the host
      type: DirectoryOrCreate
```
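For reference, this is what the kube-apiserver side of the wiring looks like: an `EncryptionConfiguration` that points the `kms` provider at the unix socket the Pod above exposes on the host. It is an added illustration, not part of the original post or of the aws-encryption-provider project; the file path `/etc/kubernetes/encryption.yaml`, the provider name, the cache size and the timeout are assumptions chosen for the example.

```yaml
# /etc/kubernetes/encryption.yaml  (path is an assumption for this example)
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # First provider is used for writes: kube-apiserver sends DEKs to the
      # plugin over this unix socket. The socket path must resolve on the
      # host kube-apiserver runs on, i.e. the hostPath the Pod mounts.
      # "aws-encryption-provider" as the provider name is an assumption.
      - kms:
          name: aws-encryption-provider
          endpoint: unix:///var/run/kmsplugin/socket.sock
          cachesize: 1000
          timeout: 3s
      # identity (no encryption) stays last so that secrets written before
      # KMS was enabled can still be read; remove it after re-encrypting.
      - identity: {}
```

With k3s the file is passed through to the embedded apiserver with `k3s server --kube-apiserver-arg=encryption-provider-config=/etc/kubernetes/encryption.yaml`. Once that flag is set, the `kms-provider-0` entry in the apiserver's `/healthz` reflects whether the apiserver can complete a request over that socket, so the plugin must already be listening on the host path before the apiserver comes up. Two things the Pod manifest does not cover: kube-apiserver needs filesystem access to the socket (with k3s it runs on the host, so a hostPath on the same node is enough), and the plugin container itself needs AWS credentials with permission to use the referenced KMS key (instance role or environment variables) or its own health endpoint will be green while every encrypt call from the apiserver fails.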