Add --internal flag for export kubecfg that targets the internal dns name #9732
Commits on Aug 27, 2020
-
Add --internal flag for export kubecfg that targets the internal dns …
…name Kops creates an "api.internal.$clustername" dns A record that points to the master IP(s) This adds a flag that will use that name and force the CA cert to be included. This is a workaround for client certificate authentication not working on API ELBs with ACM certificates. The ELB has a TLS listener rather than TCP, so the client certificate is not passed through to the apiserver. Using --internal will bypass the API ELB so that the client certificate will be passed directly to the apiserver. This also requires that the masters' security groups allow 443 access from the client which this does not handle automatically.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.