From 4eb05df1b1b6c1ded280a21c1a2fe9701b31dae1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Steenis Date: Sun, 16 May 2021 19:12:39 +0200 Subject: [PATCH] Add cert info/links for kubelet serving cert --- content/rke/latest/en/cert-mgmt/_index.md | 3 ++- content/rke/latest/en/example-yamls/_index.md | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/content/rke/latest/en/cert-mgmt/_index.md b/content/rke/latest/en/cert-mgmt/_index.md index 21f9f53011e..95ba2123720 100644 --- a/content/rke/latest/en/cert-mgmt/_index.md +++ b/content/rke/latest/en/cert-mgmt/_index.md @@ -23,7 +23,8 @@ By default, Kubernetes clusters require certificates and RKE will automatically After the certificates are rotated, the Kubernetes components are automatically restarted. Certificates can be rotated for the following services: - etcd -- kubelet +- kubelet (node certificate) +- kubelet (serving certificate, if [enabled]({{}}/rke/latest/en/config-options/services/#kubelet-options)) - kube-apiserver - kube-proxy - kube-scheduler diff --git a/content/rke/latest/en/example-yamls/_index.md b/content/rke/latest/en/example-yamls/_index.md index 64d3ecf54bb..989623a7f01 100644 --- a/content/rke/latest/en/example-yamls/_index.md +++ b/content/rke/latest/en/example-yamls/_index.md @@ -185,6 +185,9 @@ services: cluster_dns_server: 10.43.0.10 # Fail if swap is on fail_swap_on: false + # Generate a certificate signed by the kube-ca Certificate Authority + # for the kubelet to use as a server certificate + generate_serving_certificate: true # Set max pods to 250 instead of default 110 extra_args: max-pods: 250