Etcd V3 & TLS Support #3514
gambol99
commented
Oct 2, 2017
- adding documentation for the etcd v3 and tls options
@KashifSaadat ... review please :-)
this is great! just very minor suggestions, but thanks!
docs/cluster_spec.md
Outdated
### etcd v3 & tls | ||
|
||
Although kops doesn't presently default to etcdv3 both v3 and TLS can be enabled via the cluster spec (manifests only i.e. no command line options as yet). An upfront warning; at present no upgrade path exists for migrating from v2 to v3 so **DO NOT** try to enable this on a v2 running cluster. The below example snippet assumes a HA cluster of three masters. | ||
|
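Review bot: the warning ("at present no upgrade path exists for migrating from v2 to v3 so **DO NOT** try to enable this on a v2 running cluster") covers only the v3 switch, and leaves open whether TLS alone can be turned on for an existing cluster. Since the heading pairs the two options, state which of them the restriction applies to, and what an operator should expect if the setting is changed on a running v2 cluster anyway.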
Understood that you can't upgrade from v2 to v3 - is this setting similar to the encrypted etcd options where you MUST enable this at cluster creation? It sounds like it - your doc is wonderfully clear, but I'd add that to your note :)
I think encrypted is more absolute though ... Technically with v2 and tls you can enable and then run the numerous commands to migrate and change the peer urls. But I'll chunk it in nonetheless :-)
docs/cluster_spec.md
Outdated
@@ -34,6 +34,34 @@ spec: | |||
idleTimeoutSeconds: 300 | |||
``` | |||
|
|||
### etcd v3 & tls | |||
|
|||
Although kops doesn't presently default to etcdv3 both v3 and TLS can be enabled via the cluster spec (manifests only i.e. no command line options as yet). An upfront warning; at present no upgrade path exists for migrating from v2 to v3 so **DO NOT** try to enable this on a v2 running cluster. The below example snippet assumes a HA cluster of three masters. |
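Review bot: the sentence "both v3 and TLS can be enabled via the cluster spec" does not say which etcd connections TLS covers (peer traffic between members, client traffic, or both) or where the certificates come from. Someone securing a cluster needs that scope stated before the example snippet; one sentence would do. Minor wording in the same paragraph: "An upfront warning;" should take a colon, and "a HA cluster" reads better as "an HA cluster".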
Perhaps: Although kops doesn't presently default to etcd3, it is possible to turn on both v3 and TLS authentication for communication amongst cluster members. These options may be enabled via the cluster spec...
- adding documentation for the etcd v3 and tls options
Looks good, cheers! 👍
@geojaz what I say?
Thanks @gambol99 /lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Automatic merge from submit-queue.