There are certain cases where the user may want to use a customized client CA file other than the default one generated for Kubernetes. In that case, the user can use the clientCAFile flag to specify the client-ca file to use.

```yaml
spec:
  kubeAPIServer:
    clientCAFile: /srv/kubernetes/client-ca.crt
```

To prepare the customized client-ca file on master nodes, the user can either use the fileAssets feature to push a client-ca file, or embed the customized client-ca file in the master AMI.

When a customized client-ca file is used, it is common that the Kubernetes CA (/srv/kubernetes/ca/crt) needs to be appended to the end of the client-ca file. One way to append the ca.crt to the end of the customized client-ca file is to write a kOps hook that does the append logic.

kOps has a CA rotation feature, which refreshes the Kubernetes certificate files, including the ca.crt. If a customized client-ca file is used, when kOps cert rotation happens, the user is responsible for updating the ca.crt in the customized client-ca file. The refresh ca.crt logic can also be achieved by writing a kOps hook.

See also Kubernetes certificates.
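One way to write the append and refresh logic that such a hook would run, as an added example (not kOps code and not from the original page). It assumes the operator's own CA certificates are kept in a separate base file, a hypothetical layout, so the bundle is rebuilt on each run instead of appended to and a rotated-out Kubernetes CA does not stay trusted for client authentication.

```shell
#!/bin/sh
# Added example (not kOps code): rebuild the custom client-ca bundle so that it
# ends with the *current* Kubernetes CA. All paths are supplied by the caller.

# refresh_client_ca BASE_CA KUBE_CA BUNDLE
#   BASE_CA : operator's own client CA cert(s) only (hypothetical separate file)
#   KUBE_CA : Kubernetes CA file that kOps writes and refreshes on rotation
#   BUNDLE  : file referenced by kubeAPIServer.clientCAFile
# Prints "updated" or "unchanged"; returns non-zero on invalid input.
refresh_client_ca() {
    base=$1 kube=$2 bundle=$3
    for f in "$base" "$kube"; do
        # Refuse to build a bundle from a missing or non-PEM input.
        grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null || {
            echo "error: no PEM certificate in $f" >&2
            return 2
        }
    done
    tmp=$(mktemp "${bundle}.XXXXXX") || return 2
    # awk 1 guarantees a trailing newline, so PEM blocks never run together.
    # Rebuilding from BASE_CA (instead of appending again) drops the old CA.
    { awk 1 "$base"; awk 1 "$kube"; } > "$tmp"
    if [ -f "$bundle" ] && cmp -s "$tmp" "$bundle"; then
        rm -f "$tmp"
        echo unchanged
        return 0
    fi
    chmod 0644 "$tmp"
    mv -f "$tmp" "$bundle"   # atomic replace on the same filesystem
    echo updated
}
```

A hook would call the function with the base file, the Kubernetes CA path, and the clientCAFile path from the spec above; because it is idempotent, it can run on every boot or on a timer.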