Merge pull request #5793 from fernandocarletti/patch-1

Added documentation for Api server LB Certificate
k8s-ci-robot 2018-09-17 09:00:54 -07:00 committed by GitHub
commit b0de7f57d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions

@ -46,6 +46,15 @@ spec:
idleTimeoutSeconds: 300
```
You can use a valid SSL Certificate for your API Server Load Balancer. Currently, only AWS is supported:
```yaml
spec:
api:
loadBalancer:
sslCertificate: arn:aws:acm:<region>:<accountId>:certificate/<uuid>
```
### etcdClusters v3 & tls
Although kops doesn't presently default to etcd3, it is possible to turn on both v3 and TLS authentication for communication amongst cluster members. These options may be enabled via the cluster spec (manifests only i.e. no command line options as yet). An upfront warning; at present no upgrade path exists for migrating from v2 to v3 so **DO NOT** try to enable this on a v2 running cluster as it must be done on cluster creation. The below example snippet assumes a HA cluster of three masters.
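Review bot: The added paragraph above the `sslCertificate` example says only "a valid SSL Certificate", which leaves the security-relevant behaviour of the field undocumented. Since the example value is an ACM ARN (`arn:aws:acm:<region>:<accountId>:certificate/<uuid>`), the text should say that the field takes a certificate ARN rather than certificate material, and state whether the certificate has to be in the cluster's region and cover the API server's DNS name. It should also say whether setting this makes the load balancer terminate TLS in front of the API server, and if so what that means for clients that authenticate with client certificates from their kubeconfig. Finally, "Currently, only AWS is supported" does not tell the reader what happens on other providers: please state whether the field is rejected at validation or silently ignored there.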