Skip to content
Due to upgrade issues with the Envoy gateway and the offline installation environments, upgrading to MKE 4k 4.1.3 is not recommended. These issues are fixed in the 4.1.4 release. For version 4.1.3, Mirantis only supports fresh installations.

kube-apiserver options#

Common configuration file section: spec.apiServer

  • The externalAddress field is not available for child clusters. Instead, this address is automatically generated by the CAPI provider.

    To obtain the created external address:

    CHILD_CLUSTER_NAME=the-name-of-the-child-cluster
EXTERNAL_ADDRESS="https://$(kubectl -n k0rdent get awscluster
$CHILD_CLUSTER_NAME -o
jsonpath='{.status.networkStatus.apiServerElb.dnsName}'):30001"

    You can use the address generated under the EXTERNAL_ADDRESS variable to access Ingress controller and the MKE 4k Dashboard.

  • Use the encryptionConfigSecret parameter instead of encryptionProvider. To use the custom EncryptionConfig, you must create a secret in the k0rdent namespace with a key value and the content of the custom configuration as the value, and then you need to set the name of this secret to the encryptionConfigSecret property.

    Example:

    1. Create the custom EncryptionConfig.

    2. Create the secret with the content of the prepared EncryptionConfig in the k0rdent namespace where the MkeChildConfig object will be applied:

      kubectl -n k0rdent create secret generic custom-encryption-config
--from-file=value=path/to/custom/config.cfg

    3. Set the name of the secret to MkeChildConfig:

      spec:
  apiServer:
    encryptionConfigSecret: custom-encryption-config

Refer to kube-apiserver for more details.