You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Self-managed clusters can have encryption-at-rest enabled and have KMS installed. However, do to design limitations in KMS v1, when secrets count exceeds KMS cache size, the performance of secret listing can be significantly impacted due to KeyVault throttling. We need a check to warn user about this risk.
Design
Check if we're on a master node of a self-managed cluster.
Check API server arguments to see if KMS is enabled: --encryption-provider-config
Background
Self-managed clusters can have encryption-at-rest enabled and have KMS installed. However, do to design limitations in KMS v1, when secrets count exceeds KMS cache size, the performance of secret listing can be significantly impacted due to KeyVault throttling. We need a check to warn user about this risk.
Design
--encryption-provider-config
The text was updated successfully, but these errors were encountered: