mirror of https://github.com/kubernetes/kops.git
Automatic merge from submit-queue Etcd TLS Options The current implementation does not put any transport security on the etcd cluster. The PR provides and optional flag to enable TLS the etcd cluster - cleaned up and fixed any formatting issues on the journey - added two new certificates (server/client) for etcd peers and a client certificate for kubeapi and others perhaps (perhaps calico?) - disabled the protokube service for nodes completely is not required; note this was first raised in https://github.com/kubernetes/kops/pull/3091, but figured it would be easier to place in here given the relation - updated protokube codebase to reflect the changes, removing the master option as its no longer required - added additional integretion tests for the protokube manifests; - note, still need to add documentation, but opening the PR to get feedback - one outstanding issue is the migration from http -> https for preexisting clusters, i'm gonna hit the coreos board to ask for the best options |
||
---|---|---|
.. | ||
resources | ||
tests | ||
architecture.go | ||
cloudconfig.go | ||
codecs.go | ||
context.go | ||
convenience.go | ||
directories.go | ||
docker.go | ||
docker_test.go | ||
etcd.go | ||
firewall.go | ||
hooks.go | ||
kubeapiserver.go | ||
kubeapiserver_test.go | ||
kubecontrollermanager.go | ||
kubectl.go | ||
kubelet.go | ||
kubelet_test.go | ||
kubeproxy.go | ||
kuberouter.go | ||
kubescheduler.go | ||
logrotate.go | ||
network.go | ||
packages.go | ||
protokube.go | ||
secrets.go | ||
sysctls.go |