02/13/2023, 5:28 AM
Hi, I’m adding cluster encryption using AWS KMS. The suggested way is to run the aws-encryption-provider as a static pod on the controller nodes. This is for a Rancher (2.5.8) manager-created RKE cluster. I can’t find a way to add a static pod. The current encryption provider we run as a docker container directly, not a pod, static or other. I have searched for examples on how to add AWS KMS encryption to a Rancher-created cluster with no luck. Any suggestions or ideas?


02/23/2023, 10:16 AM
We’ve used terraform to spin up the cluster and we managed to get the static pods with the below snippet:
services {
  kubelet {
    extra_args = {
      pod-manifest-path = "/etc/kubelet.d/"
    }
    extra_binds = [