11/18/2023 0 Comments Controlplane backup![]() You should ensure that the IP address ranges used by the Kubernetes nodes themselves (i.e. K3s will automatically add the cluster internal Pod and Service IP ranges and cluster DNS domain to the list of NO_PROXY entries. Of course, you can also configure the proxy by editing these files. The K3s installation script will automatically take the HTTP_PROXY, HTTPS_PROXY and NO_PROXY, as well as the CONTAINERD_HTTP_PROXY, CONTAINERD_HTTPS_PROXY and CONTAINERD_NO_PROXY variables from the current shell, if they are present, and write them to the environment file of your systemd service, usually: These proxy settings will then be used in K3s and passed down to the embedded containerd and kubelet. If you are running K3s in an environment, which only has external connectivity through an HTTP proxy, you can configure your proxy settings on the K3s systemd service. It is possible to enable a second static token that can only be used to join agents, or to create temporary kubeadm style join tokens that expire automatically.įor more information, see the k3s token command documentation. ![]() This token cannot be changed once the cluster has been created. Token Management īy default, K3s uses a single static token for both servers and agents. Any certificates that are expired, or within 90 days of expiring, are automatically renewed every time K3s starts.įor information on manually rotating client and server certificates, see the k3s certificate rotate command documentation. K3s client and server certificates are valid for 365 days from their date of issuance. These CA certificates are valid for 10 years, and are not automatically renewed.įor information on using custom CA certificates, or renewing the self-signed CA certificates, see the k3s certificate rotate-ca command documentation. K3s generates self-signed Certificate Authority (CA) Certificates during startup of the first server node. Certificate Management Certificate Authority Certificates This section contains advanced information describing the different ways you can run and manage K3s, as well as steps necessary to prepare the host OS for K3s use.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |