kube-apiserver options

Common configuration file section: spec.apiServer

• The externalAddress field is not available for child clusters. Instead, this address is automatically generated by the CAPI provider.

  To obtain the created external address:

  CHILD_CLUSTER_NAME=the-name-of-the-child-cluster
  EXTERNAL_ADDRESS="https://$(kubectl -n k0rdent get awscluster
  $CHILD_CLUSTER_NAME -o
  jsonpath='{.status.networkStatus.apiServerElb.dnsName}'):30001"
  

  You can use the address generated under the EXTERNAL_ADDRESS variable to access Ingress controller and the MKE dashboard.

• Use the encryptionConfigSecret parameter instead of encryptionProvider. To use the custom EncryptionConfig, you must create a secret in the k0rdent namespace with a key value and the content of the custom configuration as the value, and then you need to set the name of this secret to the encryptionConfigSecret property.

  Example:

  1. Create the custom EncryptionConfig.

  2. Create the secret with the content of the prepared EncryptionConfig in the k0rdent namespace where the MkeChildConfig object will be applied:

     kubectl -n k0rdent create secret generic custom-encryption-config
     --from-file=value=path/to/custom/config.cfg
     

  3. Set the name of the secret to MkeChildConfig:

     spec:
       apiServer:
         encryptionConfigSecret: custom-encryption-config
     

Refer to kube-apiserver for more details.