ef5268e534
This is a follow-up of [1], as a release note is needed for such a change. [1] I532f131abbfc8ed90de398cc135e9b8248d2757a Change-Id: I14a03e7b5df4bcb2c04f3b42818947a695ec3edb
22 lines
1.1 KiB
YAML
22 lines
1.1 KiB
YAML
---
|
|
prelude: >
|
|
Qinling now can and by default connect to Kubernetes API server with TLS
|
|
certificates.
|
|
features:
|
|
- |
|
|
Qinling can connect to Kubernetes API server with TLS certificates, which
|
|
ensures that the connection between Qinling and Kubernetes API server is
|
|
secure, and the access to the Kubernetes API from Qinling is authenticated
|
|
and authroized. For more information, please refer to
|
|
`Kubernetes authenticating with X509 client certs <https://kubernetes.io/docs/admin/authentication/#x509-client-certs>`__
|
|
and `using RBAC authorization in Kubernetes <https://kubernetes.io/docs/admin/authorization/rbac/>`__.
|
|
upgrade:
|
|
- |
|
|
Qinling now by default will connect to Kubernetes API server using TLS
|
|
certificates. For testing environments, users can set the
|
|
``use_api_certificate`` option to ``False`` under the ``kubernetes``
|
|
section in the Qinling configuration file to continue using insecure
|
|
connection between Qinling and Kubernetes API server. For production
|
|
environments, it is recommended to generate client certs for Qinling
|
|
to access the Kubernetes API.
|