kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4226 from steveruckdashel/patch-1 

cloudConfig.elbSecurityGroup under wrong L3 heading
This commit is contained in:
k8s-ci-robot 2018-01-09 02:41:13 -08:00 committed by GitHub
parent 18e7e369e7 ce63762d8f
commit eac162fe15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docs/cluster_spec.md
View File

@ -376,6 +376,7 @@ spec:
### cloudConfig
#### disableSecurityGroupIngress
If you are using aws as `cloudProvider`, you can disable authorization of ELB security group to Kubernetes Nodes security group. In other words, it will not add security group rule.
This can be usefull to avoid AWS limit: 50 rules per security group.
```yaml
@ -384,6 +385,19 @@ spec:
disableSecurityGroupIngress: true
```
#### elbSecurityGroup
*WARNING: this works only for Kubernetes version above 1.7.0.*
To avoid creating a security group per elb, you can specify security group id, that will be assigned to your LoadBalancer. It must be security group id, not name.
`api.loadBalancer.additionalSecurityGroups` must be empty, because Kubernetes will add rules per ports that are specified in service file.
This can be useful to avoid AWS limits: 500 security groups per region and 50 rules per security group.
```yaml
spec:
cloudConfig:
elbSecurityGroup: sg-123445678
```
### docker
It is possible to override Docker daemon options for all masters and nodes in the cluster. See the [API docs](https://godoc.org/k8s.io/kops/pkg/apis/kops#DockerConfig) for the full list of options.
@ -416,17 +430,6 @@ docker:
- "dm.use_deferred_removal=true"
```
#### WARNING: this works only for Kubernetes version above 1.7.0.
For avoid to create security group per each elb, you can specify security group id, that will be assigned to your LoadBalancer. It must be security group id, not name. Also, security group must be empty, because Kubernetes will add rules per ports that are specified in service file.
This can be usefull to avoid AWS limits: 500 security groups per region and 50 rules per security group.
```yaml
spec:
cloudConfig:
elbSecurityGroup: sg-123445678
```
### sshKeyName
In some cases, it may be desirable to use an existing AWS SSH key instead of allowing kops to create a new one.