This message was deleted.
# general
a
This message was deleted.
c
I then disabled the secrets-encrypt
How did you do that exactly? First of all its hardcoded on, second if you turn it off when it’s been previously enabled, everything will break because the apiserver will not be able to decrypt any of the secrets.
then used crictl to stop the container
which container did you stop? You shouldn’t poke at the control-plane static pods directly. Those should only be managed by rke2. If you change the RKE2 configuration and restart the rke2-server service, the pod configuration will be regenerated and the new configuration applied.
The officially approved way to disable it is to use the secrets-encrypt command: https://docs.rke2.io/subcommands/#secrets-encrypt
If you want to edit the config file yourself, you can do so, but it is not currently supported.
i
I used the secrets-encrypt disable subcommand, and then restarted the api-server, I want to use a kms or vault but can't seem to add them to the encryption-configuration.json that is why I was trying to overwrite it with my own
c
I don’t believe we’ve tested that