From a2c7dec40db373ab40ebf9e25232d7ccbb9341db Mon Sep 17 00:00:00 2001 From: Egor Guz Date: Thu, 22 Oct 2015 16:59:59 -0700 Subject: [PATCH] Kubectl configuration for certificates Missing slash was added to Docker example and instruction how to create kubectl configuration for certificates (to avoid type them for each command) Change-Id: I06fa04cea4df63fa03ea17598a33ce14685870e7 --- doc/source/dev/dev-tls.rst | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/doc/source/dev/dev-tls.rst b/doc/source/dev/dev-tls.rst index 0b0256c974..901aa926db 100644 --- a/doc/source/dev/dev-tls.rst +++ b/doc/source/dev/dev-tls.rst @@ -225,6 +225,21 @@ Now let's run some kubectl commands to check secure communication:: NAME READY STATUS RESTARTS AGE redis-master 2/2 Running 0 1m +You can create kubectl configuration for these flags:: + + kubectl config set-cluster secure-k8sbay --server=${KUBERNETES_URL} \ + --certificate-authority=${PWD}/ca.crt + kubectl config set-credentials client --certificate-authority=${PWD}/ca.crt \ + --client-key=${PWD}/client.key --client-certificate=${PWD}/client.crt + kubectl config set-context secure-k8sbay --cluster=secure-k8sbay --user=client + kubectl config use-context secure-k8sbay + +Now you can use kubectl commands without extra flags:: + + kubectl get pods + NAME READY STATUS RESTARTS AGE + redis-master 2/2 Running 0 1m + Once you have all of these pieces, you can configure your native client. Below is an example for Docker. @@ -233,5 +248,6 @@ is an example for Docker. docker -H tcp://192.168.19.86:2376 --tlsverify \ --tlscacert ca.crt \ --tlskey client.key \ - --tlscert client.crt + --tlscert client.crt \ info +
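Review bot: In the first hunk (dev-tls.rst, the added kubectl block), the `kubectl config set-credentials client` line passes `--certificate-authority=${PWD}/ca.crt`, but the CA belongs to the cluster entry and is already recorded by the `set-cluster` command just above it. Drop it there so `set-credentials` carries only `--client-key` and `--client-certificate`. The `${PWD}` paths are stored in the kubeconfig as file references, so the context stops working if the directory holding `client.key` is moved or cleaned up; the text should say so, or mention `--embed-certs=true` as the alternative. It would also help to tell the reader that `kubectl config use-context secure-k8sbay` changes their default context for every later kubectl command, not just this walkthrough.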
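Review bot: In the second hunk, the final `+` line appends an empty line after `info` at the end of the file; unless the file previously lacked a trailing newline, drop it so the change is just the continuation fix on `--tlscert client.crt \`. The Docker example still uses relative paths (`--tlscacert ca.crt`) while the kubectl block added in this patch uses `${PWD}/ca.crt`; pick one form so both examples work from the same directory assumption. The subject line says "slash" where the character added is a backslash.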