From 36c5080f8207ab5b0660e5cf3399c1ffdfd03c17 Mon Sep 17 00:00:00 2001 From: Ansil H Date: Tue, 27 Jul 2021 12:29:45 +0530 Subject: [PATCH] Added note Added note for "TLS Certificates management in Kubernetes" --- content/rke/latest/en/cert-mgmt/_index.md | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/content/rke/latest/en/cert-mgmt/_index.md b/content/rke/latest/en/cert-mgmt/_index.md index 1d60d38c3be..5ca6b8301f4 100644 --- a/content/rke/latest/en/cert-mgmt/_index.md +++ b/content/rke/latest/en/cert-mgmt/_index.md @@ -5,6 +5,8 @@ weight: 150 _Available as of v0.2.0_ +> **Note:** This is not "TLS Certificates management in Kubernetes". Refer the [Kubernetes documentation](https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/) and RKE [cluster.yaml example]({{}}/rke/latest/en/example-yamls/) for more details. + Certificates are an important part of Kubernetes clusters and are used for all Kubernetes cluster components. RKE has a `rke cert` command to help work with certificates. * [Ability to generate certificate sign requests for the Kubernetes components](#generating-certificate-signing-requests-csrs-and-keys) @@ -108,16 +110,3 @@ INFO[0001] [certificates] Generating etcd-zzzzz certificate and key INFO[0001] Successfully Deployed state file at [./cluster.rkestate] INFO[0001] Rebuilding Kubernetes cluster with rotated certificates ``` - -### Optional settings - -Use [extra_args]({{}}rke/latest/en/config-options/services/services-extras/#extra-args) to enable optional settings of each [services]({{}}/rke/latest/en/config-options/services/) that needs certificates and keys. - -For example, to enable [Certificate Management](https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/), add `cluster-signing-cert-file` & `cluster-signing-key-file` to kube-controller in `cluster.yml` file. -``` -services: - kube-controller: - extra_args: - cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem" - cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem" -```