qinling/releasenotes/notes/qinling-k8s-apiserver-certs-1651e26de5ca001c.yaml
Hunt Xu ef5268e534 Add missing release note for the k8s certs change
This is a follow-up of [1], as a release note is needed for such a
change.

[1] I532f131abbfc8ed90de398cc135e9b8248d2757a

Change-Id: I14a03e7b5df4bcb2c04f3b42818947a695ec3edb
2018-04-12 15:10:13 +08:00

22 lines
1.1 KiB
YAML

---
prelude: >
Qinling now can and by default connect to Kubernetes API server with TLS
certificates.
features:
- |
Qinling can connect to Kubernetes API server with TLS certificates, which
ensures that the connection between Qinling and Kubernetes API server is
secure, and the access to the Kubernetes API from Qinling is authenticated
and authroized. For more information, please refer to
`Kubernetes authenticating with X509 client certs <https://kubernetes.io/docs/admin/authentication/#x509-client-certs>`__
and `using RBAC authorization in Kubernetes <https://kubernetes.io/docs/admin/authorization/rbac/>`__.
upgrade:
- |
Qinling now by default will connect to Kubernetes API server using TLS
certificates. For testing environments, users can set the
``use_api_certificate`` option to ``False`` under the ``kubernetes``
section in the Qinling configuration file to continue using insecure
connection between Qinling and Kubernetes API server. For production
environments, it is recommended to generate client certs for Qinling
to access the Kubernetes API.