Etcd V3 & TLS Support #3514

Merged
merged 1 commit into from
Oct 9, 2017

@gambol99 gambol99 commented Oct 2, 2017

  • adding documentation for the etcd v3 and tls options

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Oct 2, 2017

gambol99 commented Oct 2, 2017

@KashifSaadat ... review please :-)

geojaz (Member) left a comment

this is great! just very minor suggestions, but thanks!

### etcd v3 & tls

Although kops doesn't presently default to etcdv3 both v3 and TLS can be enabled via the cluster spec (manifests only i.e. no command line options as yet). An upfront warning; at present no upgrade path exists for migrating from v2 to v3 so **DO NOT** try to enable this on a v2 running cluster. The below example snippet assumes a HA cluster of three masters.

Member

Understood that you can't upgrade from v2 to v3 - is this setting similar to the encrypted etcd options where you MUST enable this at cluster creation? It sounds like it - your doc is wonderfully clear, but I'd add that to your note :)

Contributor Author

I think encrypted is more absolute though ... Technically with v2 and TLS you can enable and then run the numerous commands to migrate and change the peer URLs. But I'll chunk it in nonetheless :-)

@@ -34,6 +34,34 @@ spec:
idleTimeoutSeconds: 300
```

### etcd v3 & tls

Although kops doesn't presently default to etcdv3 both v3 and TLS can be enabled via the cluster spec (manifests only i.e. no command line options as yet). An upfront warning; at present no upgrade path exists for migrating from v2 to v3 so **DO NOT** try to enable this on a v2 running cluster. The below example snippet assumes a HA cluster of three masters.
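
Review bot: The **DO NOT** warning in the paragraph under "### etcd v3 & tls" is ambiguous about TLS, because "enable this" follows a sentence that names both v3 and TLS while the stated reason (no upgrade path from v2 to v3) only concerns the version change. Suggest saying separately, for v3 and for TLS, whether each must be set at cluster creation or can be turned on for an existing cluster. The same sentence writes "etcdv3" where the heading uses "etcd v3"; pick one spelling. Since the text says the snippet "assumes a HA cluster of three masters", a short sentence on what to adjust for a different master count would help readers who copy it.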

Member

Perhaps: Although kops doesn't presently default to etcd3, it is possible to turn on both v3 and TLS authentication for communication amongst cluster members. These options may be enabled via the cluster spec...

- adding documentation for the etcd v3 and tls options

KashifSaadat (Contributor) left a comment

Looks good, cheers! 👍

chrislovecnm (Contributor)

@geojaz what I say?


justinsb commented Oct 9, 2017

Thanks @gambol99

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 9, 2017

k8s-github-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justinsb

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 9, 2017

k8s-github-robot

Automatic merge from submit-queue.

@k8s-github-robot k8s-github-robot merged commit 4440001 into kubernetes:master Oct 9, 2017