Frequently Asked Questions

Solutions

How Tos

How To Enable/Disable ETCD Backup Using Qbert API

Forcefully Delete Kubernetes Pod

Configure BASH Autocomplete for Kubectl CLI on MacOS X

Enable Alpha/Beta Features on Platform9 Managed Kubernetes API Server

Creating Multi-Master BareMetal Cluster on Platform9 Managed OpenStack VMs

Scale Master Nodes in AWS Clusters

How to Find ETCD Leader and Check ETCD Health

Enable Scheduler Container Logs to Track Pod Placement

How To Change Configuration for Kubelet Service on a Single Worker or Master Node in a PMK Cluster

Enable Debug Logging for Docker Daemon

Move VIP From Active Master Without Restarting the PMK Stack

How To Identify the Active Master Node in Platform9 Managed Kubernetes Cluster

How-to Grant Read-Only Access to the Kubernetes Dashboard

How to Prevent Container Runtime From Being Managed by Platform9

How-To: Identify The Virtual Interface of a Pod in the Root Namespace Using Flannel as the Network Backend

How To Persist Changes to CoreDNS ConfigMap on PMK Cluster

How To Modify/Add APIServer, ControllerManager & Scheduler Flags on an Existing Cluster

How To Change Configuration for Kubelet Service on All Worker or Master Nodes in a PMK Cluster

How-To Run Calicoctl Commands

How To Disable Partial Restarts of Nodeletd Phases

How To Prevent a Run Away Pod or Container From Using All Resources on the Node

How-To Enable MFA from the new UI?

How-To Use Helm 3 to Deploy Applications in Platform9 Managed Kubernetes Environment?

How-To Restore From ETCD Backup on a Multi-Master Cluster

How To Add/Modify Existing MetalLB Configuration via API

How To Ensure Nodelet Service Status Checks are Not Honored

How To Increase Docker Image Storage Pool Size

The PVC Remains In Pending State While Deploying Fission Using Helm Chart

Unable to Access Kubernetes Dashboard After Creating PMK Cluster

Error Creating Load Balancer (will retry): Failed To Ensure Load Balancer For Service

Kubectl Commands Not Working After v1.20 Cluster Upgrade

Move Platform9 Logs Directory to a Different FileSystem to Mitigate Space Issues on PMK Nodes.

How to Start and Stop the PMK Stack Starting From v5.0/K8s v1.18

How To Enable fail-on-swap=false Option as a Parameter Value in Kubelet on a Worker Node

Increase Existing Kubernetes Cluster Node Count for Flannel CNI

Status Checks on the Worker Loadbalancer Show as Nodes Down in AWS

How To Find the Platform9 Managed Kubernetes Version Running on the Management Plane?

How to Enable Audit Logging in PMK Cluster

How Can I Change the Detach Key Combination for Kubernetes Pods?

How to Generate a Token for using the Qbert API

How to Add an Existing App Catalog Repository to a Newly Created Cluster

How to Cleanup Incorrectly Configured Docker Storage

Delete a Cluster using the Qbert API

How To Customize CoreDNS Configuration for Adding Additional External DNS

How To Avoid Placement of More Than One Pod Replicas on Same Worker Node

How To Rotate Container Logs on The Master and Worker Nodes

How To Disable and Re-enable Dynamic Kubelet Configuration

How To Identify the Master Node With Latest ETCD Backup

How To Run Kube-Bench In Platform9 Managed Kubernetes Clusters

How To Clean up Decommissioned Node Manually

How to List all Containers Running in a Cluster

How to Enable Graceful Node Shutdown?

Restoring ETCD Backup to Recover Cluster From Loss of Quorum

How to Restore Cluster from ETCD Backup on New Master Nodes in Case of Loss of All Existing Master Nodes

How To Enable Verbose Logging for Kubelet on a Node?

How-To Enable or Disable MetalLB via Sunpike API For an Already Installed Cluster

How To Use Reserved AWS Instances in PMK

How To Pull Container Images From a Private Repository

How To Forcefully Remove a Terminating Namespace Stuck Due to Finalizers.

How to Upgrade PMK Cluster in Batches

How-To Implement CPU and Memory System Reservation for Kubernetes Nodes

How to Verify if the ETCD Secrets Are Encrypted or Not?

How to Allow Unsafe Sysctls on a PMK Cluster

How To Change calicoIpIpMode to Never in Existing PMK Cluster

How are SSL Certificates Rotated in the Platform9 Managed Kubernetes Stack

How to Proactively Monitor PLEG Health with Prometheus and Alertmanager Rules

How-To Force Delete a Cluster Using API

How to Drain A Kubernetes Node Using API

How to Suspend All Kubernetes CronJobs

How-To Query Container Mounts Using Crictl or Nerdctl

How to Restart PMK Stack?

How to Copy Files From Pod to Host.

How to Collect a Network Trace File from a Browser

Master Node Fails to Attach to an Existing Cluster and UI Shows "Quorum Achieved with a tolerance 1"

How To Rename PMK Cluster?

How To Create K8S Cluster Using Qbert API And Private Docker Registry

How To Install/Upgrade Prometheus Stack Using Helm Chart.

How To Modify Cluster Properties Using API Calls.

How to Save Current State of Cluster Using Cluster-info Dump Command.

How to Configure streamingConnectionIdleTimeout: "672h" Without Dynamic Kubelet Config

How to Clean Luigi and Kubevirt Stale Entries After disabling the Luigin Plugins

How to Re-deploy CoreDNS Pods Only to the Master Nodes.

Create Read-Only Cluster User

Adding new node fails with error "Error registering network: failed to acquire lease: out of subnets"

Disabling pf9-managed cert-manager

CoreDNS Pod Replica Gets Continuously Scaled Down by the Deployment-Controller

How To Enable Debug Log for Kube-APIserver on an Existing Cluster

Speaker pod fails to announce service if ExternalTrafficPolicy is changed to Local

Updating API Audit Logging Parameters using Qbert API Leads to Duplicate Entries.

Vault Token Expired Prematurely Before Validity Period Ends

How to Disable the ImageLocality Scheduling Plugin in PMK

Calico to Cilium Migration on PMK Workload Clusters

Internal Only

Templates

How to Verify if the ETCD Secrets Are Encrypted or Not?

Problem

How to verify if ETCD secrets are actually encrypted after configuring ETCD secret encryption?

Environment

Platform9 Managed Kubernetes - v5.2 and above
Kubernetes v1.20 and above
Docker or Containerd

Answer

ETCD secret encryption can be verified with the help of etcdctl command line utility.
ETCD secrets are stored at the path /registry/secrets/$namespace/$secret on the master node.
The below command can be used to verify if the particular ETCD secret is encrypted or not.

Docker
Containerd
    
xxxxxxxxxx
 
# ETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 [...] | hexdump -C
Copy

Last updated on

Was this page helpful?

On This Page

How to Verify if the ETCD Secrets Are Encrypted or Not?Problem Environment Answer