kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove docs regarding manual IAM modification

This commit is contained in:
yissachar 2017-02-12 01:28:57 -05:00 committed by GitHub
parent 05eb1d5e8e
commit 442d77d332
1 changed files with 0 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/etcd_volume_encryption.md
View File

@ -63,17 +63,3 @@ kops update cluster ${CLUSTER_NAME}
# Review changes before applying # Review changes before applying
kops update cluster ${CLUSTER_NAME} --yes kops update cluster ${CLUSTER_NAME} --yes
``` ```
At this point you must edit the Key Users list to add the `masters` role.
This has to be done before the master(s) attempt to to mount the volumes.
You should have at least a several minute window between the `masters` role being created by kops and the master(s)
mounting the volume, but if you somehow miss this window, you can just delete the master(s) and the ASG will kick in
and once new masters start up they should be able to mount successfully.
Adding the `masters` role to the Key Users group via the AWS Console:
1. Navigate to the IAM page
2. Click on `Encryption keys` on the left sidebar
3. Select the KMS key that you are using to encrypt the etcd volumes
4. Scroll down to Key Users and click Add
5. Select the `masters.<your.domain>` role and click Attach