mirror of https://github.com/kubernetes/kops.git
86 lines
2.1 KiB
Markdown
86 lines
2.1 KiB
Markdown
# Description of Keys in `config` and `cluster.spec`
|
|
|
|
This list is not complete, but aims to document any keys that are less than self-explanatory.
|
|
|
|
## spec
|
|
|
|
|
|
### api
|
|
|
|
This object configures how we expose the API:
|
|
|
|
* `dns` will allow direct access to master instances, and configure DNS to point directly to the master nodes.
|
|
* `loadBalancer` will configure a load balancer (ELB) in front of the master nodes, and configure DNS to point to the ELB.
|
|
|
|
DNS example:
|
|
|
|
```yaml
|
|
spec:
|
|
api:
|
|
dns: {}
|
|
```
|
|
|
|
|
|
When configuring a LoadBalancer, you can also choose to have a public ELB or an internal (VPC only) ELB. The `type`
|
|
field should be `Public` or `Internal`.
|
|
|
|
```yaml
|
|
spec:
|
|
api:
|
|
loadBalancer:
|
|
type: Public
|
|
```
|
|
|
|
### sshAccess
|
|
|
|
This array configures the CIDRs that are able to ssh into nodes. On AWS this is manifested as inbound security group rules on the `nodes` and `master` security groups.
|
|
|
|
Use this key to restrict cluster access to an office ip address range, for example.
|
|
|
|
```yaml
|
|
spec:
|
|
sshAccess:
|
|
- 12.34.56.78/32
|
|
```
|
|
|
|
### apiAccess
|
|
|
|
This array configures the CIDRs that are able to access the kubernetes API. On AWS this is manifested as inbound security group rules on the ELB or master security groups.
|
|
|
|
Use this key to restrict cluster access to an office ip address range, for example.
|
|
|
|
```yaml
|
|
spec:
|
|
apiAccess:
|
|
- 12.34.56.78/32
|
|
```
|
|
|
|
### kubeAPIServer
|
|
|
|
This block contains configuration for the `kube-apiserver`.
|
|
|
|
#### runtimeConfig
|
|
|
|
Keys and values here are translated into `--runtime-config` values for `kube-apiserver`, separated by commas.
|
|
|
|
Use this to enable alpha features, for example:
|
|
|
|
```yaml
|
|
spec:
|
|
kubeAPIServer:
|
|
runtimeConfig:
|
|
batch/v2alpha1: "true"
|
|
apps/v1alpha1: "true"
|
|
```
|
|
|
|
Will result in the flag `--runtime-config=batch/v2alpha1=true,apps/v1alpha1=true`. Note that `kube-apiserver` accepts `true` as a value for switch-like flags.
|
|
|
|
### networkID
|
|
|
|
On AWS, this is the id of the VPC the cluster is created in. If creating a cluster from scratch, this field doesn't need to be specified at create time; `kops` will create a `VPC` for you.
|
|
|
|
```yaml
|
|
spec:
|
|
networkID: vpc-abcdefg1
|
|
```
|