From ef5268e5340eb9e39af25bf01b14910ca34b7740 Mon Sep 17 00:00:00 2001 From: Hunt Xu Date: Thu, 12 Apr 2018 15:10:13 +0800 Subject: [PATCH] Add missing release note for the k8s certs change This is a follow-up of [1], as a release note is needed for such a change. [1] I532f131abbfc8ed90de398cc135e9b8248d2757a Change-Id: I14a03e7b5df4bcb2c04f3b42818947a695ec3edb --- ...-k8s-apiserver-certs-1651e26de5ca001c.yaml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 releasenotes/notes/qinling-k8s-apiserver-certs-1651e26de5ca001c.yaml diff --git a/releasenotes/notes/qinling-k8s-apiserver-certs-1651e26de5ca001c.yaml b/releasenotes/notes/qinling-k8s-apiserver-certs-1651e26de5ca001c.yaml new file mode 100644 index 00000000..e3e878b2 --- /dev/null +++ b/releasenotes/notes/qinling-k8s-apiserver-certs-1651e26de5ca001c.yaml @@ -0,0 +1,21 @@ +--- +prelude: > + Qinling now can and by default connect to Kubernetes API server with TLS + certificates. +features: + - | + Qinling can connect to Kubernetes API server with TLS certificates, which + ensures that the connection between Qinling and Kubernetes API server is + secure, and the access to the Kubernetes API from Qinling is authenticated + and authroized. For more information, please refer to + `Kubernetes authenticating with X509 client certs `__ + and `using RBAC authorization in Kubernetes `__. +upgrade: + - | + Qinling now by default will connect to Kubernetes API server using TLS + certificates. For testing environments, users can set the + ``use_api_certificate`` option to ``False`` under the ``kubernetes`` + section in the Qinling configuration file to continue using insecure + connection between Qinling and Kubernetes API server. For production + environments, it is recommended to generate client certs for Qinling + to access the Kubernetes API.