cloudConfig.elbSecurityGroup under wrong L3 heading

elbSecurityGroup is under the docker L3 heading and should be under cloudConfig.
2018-01-08 12:54:41 -06:00 · 2018-01-08 12:54:41 -06:00 · ddefd889b8
parent b8a701b2da
commit ddefd889b8
1 changed files with 11 additions and 11 deletions
--- a/docs/cluster_spec.md
+++ b/docs/cluster_spec.md
@ -384,6 +384,17 @@ spec:
    disableSecurityGroupIngress: true
 ```

+#### WARNING: this works only for Kubernetes version above 1.7.0.
+
+For avoid to create security group per each elb, you can specify security group id, that will be assigned to your LoadBalancer. It must be security group id, not name. Also, security group must be empty, because Kubernetes will add rules per ports that are specified in service file.
+This can be usefull to avoid AWS limits: 500 security groups per region and 50 rules per security group.
+
+```yaml
+spec:
+  cloudConfig:
+    elbSecurityGroup: sg-123445678
+```
+
 ### docker

 It is possible to override Docker daemon options for all masters and nodes in the cluster. See the [API docs](https://godoc.org/k8s.io/kops/pkg/apis/kops#DockerConfig) for the full list of options.
@ -416,17 +427,6 @@ docker:
    - "dm.use_deferred_removal=true"
 ```

-#### WARNING: this works only for Kubernetes version above 1.7.0.
-
-For avoid to create security group per each elb, you can specify security group id, that will be assigned to your LoadBalancer. It must be security group id, not name. Also, security group must be empty, because Kubernetes will add rules per ports that are specified in service file.
-This can be usefull to avoid AWS limits: 500 security groups per region and 50 rules per security group.
-
-```yaml
-spec:
-  cloudConfig:
-    elbSecurityGroup: sg-123445678
-```
-
 ### sshKeyName

 In some cases, it may be desirable to use an existing AWS SSH key instead of allowing kops to create a new one.