Document how to use with kops

[tamalsaha]

kubeAPIServer:
  authenticationTokenWebhookConfigFile: /etc/kubernetes/guard-config

[tamalsaha]

kubernetes/kops#3258

[tamalsaha]

kubernetes/kops#2090

[thomaspeitz]

Quick setup: - Will pr docs after christmas:
Check ip to use: kops edit cluster --name <cluster_name>
if nonMasqueradeCIDR: 100.64.0.0/10 => Then ip to use is 100.64.10.96

After everything is generated: kops edit cluster

spec: 
  kubeAPIServer:
    authenticationTokenWebhookConfigFile: /srv/kubernetes/webhook-guard-config
  fileAssets:
  - content: |
       (OUTPUT of: guard get webhook-config ivx -o github --addr=100.64.10.96:9844)
    name: guard-github-auth
    path: /srv/kubernetes/webhook-guard-config
    roles:
    - Master

Update cluster config: kops update cluster; then kops update cluster --yes

Rolling updater master nodes, one after another. Test with one master then every third request should "work" - So you can test without breaking your setup. kops rolling-update cluster <cluster_name> --instance-group master-eu-west-1a--yes - If something does not work: Ssh to master and check kube-api logs /var/log/ - This will help you debugging.

After Christmas i will document this in a proper way.

[tamalsaha]

Closed via #43