diff --git a/docs/bastion.md b/docs/bastion.md index a42ca88f64..18d5117f7d 100644 --- a/docs/bastion.md +++ b/docs/bastion.md 
@@ -12,38 +12,44 @@ Note: Bastion will get setup for the cluster(by default) only when `--topology=" ### Specify instance type of bastion Instance types in AWS comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. -``` -kops create cluster --bastion-instance-type="t2.large" + +- Bastion Instance type can be modified using `kops edit cluster` +- Defaults to `t2.medium` +#### TODO: add the example below for configuration ``` -Bastion instance type will default to `t2.medium` - +``` [More information](https://aws.amazon.com/ec2/instance-types/) -#### Enable/disable bastion, defaults to false +### Turn on/off bastion + To turn on/off bastion host setup completely. +- **Defaults** to `false` if the topology selected is `public` +- **Defaults** to `true` if the topology selected is `private` -| Turn on/off Bastion | Example | Bastion ASG settings -| ----------------------- |------------------------------------------ | -------------------- -| Enable Bastion | `kops create cluster --bastion=true` | ASG's desired/min/max set to default value 1 -| Disable Bastion | `kops create cluster --bastion=false` | ASG' desired/min/max = 0 - -#### Reach bastion from outside of vpc using a name - -When the cluster is created using below - ``` -kops create cluster --bastion-name="bastion" --dns-zone="uswest1.clusters.example.com" -``` -This will create a route53 entry for `bastion.uswest1.clusters.example.com` mapping with bastion ASG's ELB. And bastion can be reached using -``` -ssh -i ubuntu@bastion.uswest1.clusters.example.com + kops create cluster --bastion=[true|false] ``` -### High idle timeout for bastion ASG's ELB. +### Reach bastion from outside of vpc using a name -By default, elastic load balancing sets the idle timeout to 60 seconds. This value can be configured by the user using `-bastion-elb-idle-timeout=120` for making it 120 seconds. 
+- **Default:** CNAME for the bastion is only created when the user explicitly define it using `kops edit cluster` +- **Configure:** Bastion friendly CNAME can be configured using `kops edit cluster` +#### TODO: add the example below for configuration +``` +``` + +### High idle timeout for bastion ASG's ELB. (Configurable LoadBalancer Attributes) + +By default, elastic load balancing sets the idle timeout to `60` seconds. +- **Default:** Bastion ELB in kops will have `120` seconds as their default timeout. +- **Configure:** This value can be configured using `kops edit cluster` +#### TODO: add the example below for configuration +``` + +``` [More information](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html) ### Improve access to bastion instances
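Review bot: the three `#### TODO: add the example below for configuration` headings (instance type, bastion CNAME, ELB idle timeout) each sit above an empty fenced block, so the rendered page will show TODO headings and blank code boxes where the removed `--bastion-instance-type`, `--bastion-name`/`--dns-zone` and `ssh` examples used to be. Either include the actual `kops edit cluster` snippet for each setting in this change, or keep the TODOs out of the published docs until the examples exist. The new "Turn on/off bastion" section also drops the table row stating that disabling sets the ASG's desired/min/max to 0; since the bastion now defaults to `true` for `private` topology, it is worth keeping one sentence on what `--bastion=false` does to the ASG so an operator can confirm the host is really gone. In the idle-timeout section, "elastic load balancing sets the idle timeout to `60` seconds" followed directly by a `120` second kops default reads as a contradiction; say explicitly that kops overrides the AWS default for the bastion ELB. Minor: "when the user explicitly define it" should be "defines it", and the same bullet pair repeats `kops edit cluster` twice without naming the field to edit.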