Note about breaking change for apiserver files

Ole Markus With 2021-09-10 13:45:02 +02:00
parent 39eb930646
commit 81d00f4bc3
2 changed files with 25 additions and 4 deletions

@ -376,10 +376,10 @@ spec:
auditLogMaxBackups: 1
auditLogMaxSize: 100
auditLogPath: /var/log/kube-apiserver-audit.log
auditPolicyFile: /srv/kubernetes/audit/policy-config.yaml
auditPolicyFile: /srv/kubernetes/kube-apiserver/audit-policy-config.yaml
fileAssets:
- name: audit-policy-config
path: /srv/kubernetes/audit/policy-config.yaml
path: /srv/kubernetes/kube-apiserver/audit-policy-config.yaml
roles:
- Master
content: |
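Review bot: The example in this hunk moves both `auditPolicyFile` and the `audit-policy-config` asset `path` under `/srv/kubernetes/kube-apiserver/`, but the surrounding doc text gives no reason for that directory. A reader who still has `/srv/kubernetes/audit/policy-config.yaml` in a cluster spec will not learn from this page that it has to change. Suggest adding one sentence above the example saying that kube-apiserver no longer mounts `/srv/kubernetes` and that files it reads must live under `/srv/kubernetes/kube-apiserver/`, or linking to the breaking-change entry added to the release notes in this commit.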
@ -403,10 +403,10 @@ Webhook backend sends audit events to a remote API, which is assumed to be the s
spec:
kubeAPIServer:
auditWebhookBatchMaxWait: 5s
auditWebhookConfigFile: /srv/kubernetes/audit/webhook-config.yaml
auditWebhookConfigFile: /srv/kubernetes/kube-apiserver/audit-webhook-config.yaml
fileAssets:
- name: audit-webhook-config
path: /srv/kubernetes/audit/webhook-config.yaml
path: /srv/kubernetes/kube-apiserver/audit-webhook-config.yaml
roles:
- Master
content: |
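Review bot: `auditWebhookConfigFile` and the `audit-webhook-config` asset `path` repeat the same string, and nothing in the example says the two have to stay identical. If only one of them is updated, the flag points at a file that is not where the asset was written. Suggest a trailing comment on the `path:` line, in the style of the release-notes example (`# make sure you add the path`), stating that it must match `auditWebhookConfigFile` and sit under `/srv/kubernetes/kube-apiserver/`.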

@ -56,6 +56,27 @@ Currently this is only available using the AWS cloud provider.
# Breaking changes
## kube-apiserver no longer mounts /srv/kubernetes
For security reasons, `/srv/kubernetes` is no longer mounted in the kube-apiserver Pod. This also means the files in the default file assets path will be unavailable. If you have file assets or other files needed by kube-apiserver, you must put these into `/srv/kubernetes/kube-apiserver/`.
For file assets, it means adding an explicit path as shown below:
```yaml
fileAssets:
- name: audit-policy-config
path: /srv/kubernetes/kube-apiserver/audit-policy-config.yaml # make sure you add the path
roles:
- Master
content: |
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadat
```
## Other breaking changes
* Support for Kubernetes versions 1.15 and 1.16 has been removed.
* The legacy addons from `https://github.com/kubernetes/kops/tree/master/addons` have been deprecated and will not be available in Kubernetes 1.23+. Use [managed addons](https://kops.sigs.k8s.io/addons) instead.
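Review bot: The sample policy in the new "kube-apiserver no longer mounts /srv/kubernetes" section ends with `- level: Metadat`, which is not a valid audit level and reads as a truncated `Metadata`. Release-note snippets get copied verbatim, so please change it to `- level: Metadata`. The sentence "you must put these into `/srv/kubernetes/kube-apiserver/`" could also say explicitly that this applies to existing file assets with an explicit `path` elsewhere under `/srv/kubernetes`, since those are the clusters that break on upgrade.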