This repository was archived by the owner on Jun 29, 2022. It is now read-only.

Commit 8b50f72

Author: knrt10
Add docs for encrypt_pods_traffic flag
Signed-off-by: knrt10 <kautilya@kinvolk.io>
1 parent 66789cc commit 8b50f72

4 files changed: +12 -1 lines changed

docs/configuration-reference/platforms/aks.md

Lines changed: 2 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -68,6 +68,7 @@ cluster "aks" {
6868
resource_group_name = var.resource_group_name
6969
application_name = var.application_name
7070
manage_resource_group = var.manage_resource_group
71+
encrypt_pods_traffic = true
7172
7273
worker_pool "default" {
7374
count = var.workers_count
@@ -100,6 +101,7 @@ block in the cluster configuration.
100101
| `tenant_id` | Azure Tenant ID. Can also be provided using the `LOKOMOTIVE_AKS_TENANT_ID` environment variable. | - | string | true |
101102
| `subscription_id` | Azure Subscription ID. Can also be provided using the `LOKOMOTIVE_AKS_SUBSCRIPTION_ID` environment variable. | - | string | true |
102103
| `resource_group_name` | Name of the resource group, where AKS cluster object will be created. Please note, that AKS will also create a separate resource group for workers and other required objects, like load balancers, disks etc. If `manage_resource_group` parameter is set to `false`, this resource group must be manually created before cluster creation. | - | string | true |
104+
| `encrypt_pods_traffic` | Enable in-cluster pod traffic. | true | bool | false |
103105
| `client_id` | Azure service principal ID used for running the AKS cluster. Can also be provided using the `LOKOMOTIVE_AKS_CLIENT_ID`. This parameter is mutually exclusive with `application_name` parameter. | - | string | false |
104106
| `client_secret` | Azure service principal secret used for running the AKS cluster. Can also be provided using the `LOKOMOTIVE_AKS_CLIENT_SECRET`. This parameter is mutually exclusive with `application_name` parameter. | - | string | false |
105107
| `tags` | Additional tags for Azure resources. | - | map(string) | false |
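
Review bot: The description in the new `encrypt_pods_traffic` row, "Enable in-cluster pod traffic.", leaves out the word that matters; as written it reads as if the flag switches pod traffic itself on or off. Suggest "Enable encryption of in-cluster pod traffic." plus a short statement of what a reader gets when the value is `false`. The row is also inserted between `resource_group_name` and `client_id`, in the middle of the Azure identity parameters, while the example hunk above places the attribute after `manage_resource_group`; keeping the table in the same order as the example would make it easier to find.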

docs/configuration-reference/platforms/aws.md

Lines changed: 3 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -107,6 +107,8 @@ cluster "aws" {
107107
108108
enable_tls_bootstrap = true
109109
110+
encrypt_pods_traffic = true
111+
110112
disk_size = var.disk_size
111113
112114
disk_type = var.disk_type
@@ -219,6 +221,7 @@ worker_pool "my-worker-pool" {
219221
| `region` | AWS region to use for deploying the cluster. | "eu-central-1" | string | false |
220222
| `enable_aggregation` | Enable the Kubernetes Aggregation Layer. | true | bool | false |
221223
| `enable_tls_bootstrap` | Enable TLS bootstraping for Kubelet. | true | bool | false |
224+
| `encrypt_pods_traffic` | Enable in-cluster pod traffic. | true | bool | false |
222225
| `disk_size` | Size of the EBS volume in GB. | 40 | number | false |
223226
| `disk_type` | Type of the EBS volume (e.g. standard, gp2, io1). | "gp2" | string | false |
224227
| `disk_iops` | IOPS of the EBS volume (e.g 100). | 0 | number | false |
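
Review bot: The new `encrypt_pods_traffic` row documents a default of `true`, but this commit changes only the four files under docs/configuration-reference/platforms/, so nothing here shows the default the code actually uses. Operators will read this row to decide whether pod traffic is encrypted when they leave the attribute unset, so please confirm the value against the variable definition before merging and link the change that introduced the flag in the commit message.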

docs/configuration-reference/platforms/baremetal.md

Lines changed: 4 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -94,6 +94,8 @@ cluster "bare-metal" {
9494
9595
enable_tls_bootstrap = true
9696
97+
encrypt_pods_traffic = true
98+
9799
oidc {
98100
issuer_url = var.oidc_issuer_url
99101
client_id = var.oidc_client_id
@@ -149,7 +151,8 @@ os_version = var.custom_default_os_version
149151
| `ssh_pubkeys` | List of SSH public keys for user `core`. Each element must be specified in a valid OpenSSH public key format, as defined in RFC 4253 Section 6.6, e.g. "ssh-rsa AAAAB3N...". | - | list(string) | true |
150152
| `os_version` | Flatcar Container Linux version to install. Version such as "2303.3.1" or "current". | "current" | string | false |
151153
| `os_channel` | Flatcar Container Linux channel to install from ("flatcar-stable", "flatcar-beta", "flatcar-alpha", "flatcar-edge"). | "flatcar-stable" | string | false |
152-
| `enable_tls_bootstrap` | Enable TLS bootstraping for Kubelet. | true | bool | false |
154+
| `enable_tls_bootstrap` | Enable TLS bootstraping for Kubelet. | true | bool | false |
155+
| `encrypt_pods_traffic` | Enable in-cluster pod traffic. | true | bool | false |
153156
| `oidc` | OIDC configuration block. | - | object | false |
154157
| `oidc.issuer_url` | URL of the provider which allows the API server to discover public signing keys. Only URLs which use the https:// scheme are accepted. | - | string | false |
155158
| `oidc.client_id` | A client id that all tokens must be issued for. | "gangway" | string | false |
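
Review bot: The `enable_tls_bootstrap` row is removed and added back with no visible difference, which looks like a whitespace-only change unrelated to documenting `encrypt_pods_traffic`. Either drop that pair of lines from the patch so the hunk contains only the new row, or, since the line is being touched anyway, use it to correct "bootstraping" to "bootstrapping".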

docs/configuration-reference/platforms/packet.md

Lines changed: 3 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -111,6 +111,8 @@ cluster "packet" {
111111
112112
enable_tls_bootstrap = true
113113
114+
encrypt_pods_traffic = true
115+
114116
enable_reporting = false
115117
116118
network_ip_autodetection_method = "first-found"
@@ -221,6 +223,7 @@ node_type = var.custom_default_worker_type
221223
| `node_private_cidr` | Private IPv4 CIDR of the nodes used to allow inter-node traffic. Example "10.0.0.0/8" | - | string | true |
222224
| `enable_aggregation` | Enable the Kubernetes Aggregation Layer. | true | bool | false |
223225
| `enable_tls_bootstrap` | Enable TLS bootstraping for Kubelet. | true | bool | false |
226+
| `encrypt_pods_traffic` | Enable in-cluster pod traffic. | true | bool | false |
224227
| `network_mtu` | CNI interface MTU | 1480 | number | false |
225228
| `pod_cidr` | CIDR IPv4 range to assign Kubernetes pods. | "10.2.0.0/16" | string | false |
226229
| `service_cidr` | CIDR IPv4 range to assign Kubernetes services. | "10.3.0.0/16" | string | false |
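
Review bot: The new `encrypt_pods_traffic` row sits directly above `network_mtu` (default 1480) but does not say whether turning encryption on affects the MTU that should be configured. If the encryption adds per-packet overhead, state the recommended `network_mtu` in the description; if it does not, one sentence saying so would save readers the question. Naming the mechanism used for the encryption in the same row would also help.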
