Update docs/usage/shoot_credentials_rotation.md
After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.
ialidzhikov committed Dec 28, 2022
1 parent e9493ae commit 0be90d6
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions docs/usage/shoot_credentials_rotation.md
Expand Up @@ -63,8 +63,6 @@ If the `.spec.kubernetes.enableStaticTokenKubeconfig` field is set to `true` (de
This `Secret` is stored with name `<shoot-name>.kubeconfig` in the project namespace in the garden cluster and has multiple data keys:

- `kubeconfig`: the completed kubeconfig
- `token`: token for `system:cluster-admin` user
- `username`/`password`: basic auth credentials (if enabled via `Shoot.spec.kubernetes.kubeAPIServer.enableBasicAuthentication`)
- `ca.crt`: the CA bundle for establishing trust to the API server (same as in the [Cluster CA bundle secret](#cluster-certificate-authority-bundle))

> `Shoots` created with Gardener <= 0.28 used to have a `kubeconfig` based on a client certificate instead of a static token. With the first kubeconfig rotation, such clusters will get a static token as well.
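
Review bot: The two deleted list items (`token` and `username`/`password`) go away without any note for readers whose tooling still reads those keys from the `<shoot-name>.kubeconfig` Secret. Consider adding one sentence after the key list stating that the Secret now carries only `kubeconfig` and `ca.crt`, and that the static token is found only inside the `kubeconfig` value, so consumers of the removed keys know where to look and what to stop depending on. With only two entries left, the intro "has multiple data keys:" would also read better as "has the following data keys:".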