diff options
author | Johan Thomsen <jth@dbc.dk> | 2022-10-16 00:40:01 +0200 |
---|---|---|
committer | zowoq <59103226+zowoq@users.noreply.github.com> | 2022-10-16 10:13:05 +1000 |
commit | 38ea9bc0834b59f59a7fe99a03f4bdd33e75077d (patch) | |
tree | ad97df19671e14e5fedcf896349d83b80b1e85fd /nixos/doc/manual | |
parent | 6ec7298ead8d41f44453c219848d2d5255371ec3 (diff) |
nixos/manual/kubernetes: re-enabling of insecure ports is no longer possible
Diffstat (limited to 'nixos/doc/manual')
-rw-r--r-- | nixos/doc/manual/configuration/kubernetes.chapter.md | 8 | ||||
-rw-r--r-- | nixos/doc/manual/from_md/configuration/kubernetes.chapter.xml | 11 |
2 files changed, 0 insertions, 19 deletions
diff --git a/nixos/doc/manual/configuration/kubernetes.chapter.md b/nixos/doc/manual/configuration/kubernetes.chapter.md index 93787577be9b4..5d7b083289d9c 100644 --- a/nixos/doc/manual/configuration/kubernetes.chapter.md +++ b/nixos/doc/manual/configuration/kubernetes.chapter.md @@ -43,14 +43,6 @@ Note: Assigning either role will also default both and [](#opt-services.kubernetes.easyCerts) to true. This sets up flannel as CNI and activates automatic PKI bootstrapping. -As of kubernetes 1.10.X it has been deprecated to open non-tls-enabled -ports on kubernetes components. Thus, from NixOS 19.03 all plain HTTP -ports have been disabled by default. While opening insecure ports is -still possible, it is recommended not to bind these to other interfaces -than loopback. To re-enable the insecure port on the apiserver, see options: -[](#opt-services.kubernetes.apiserver.insecurePort) and -[](#opt-services.kubernetes.apiserver.insecureBindAddress) - ::: {.note} As of NixOS 19.03, it is mandatory to configure: [](#opt-services.kubernetes.masterAddress). diff --git a/nixos/doc/manual/from_md/configuration/kubernetes.chapter.xml b/nixos/doc/manual/from_md/configuration/kubernetes.chapter.xml index 83a50d7c49d1b..1de19f64bdad1 100644 --- a/nixos/doc/manual/from_md/configuration/kubernetes.chapter.xml +++ b/nixos/doc/manual/from_md/configuration/kubernetes.chapter.xml @@ -47,17 +47,6 @@ services.kubernetes.roles = [ "master" "node" ]; <xref linkend="opt-services.kubernetes.easyCerts" /> to true. This sets up flannel as CNI and activates automatic PKI bootstrapping. </para> - <para> - As of kubernetes 1.10.X it has been deprecated to open - non-tls-enabled ports on kubernetes components. Thus, from NixOS - 19.03 all plain HTTP ports have been disabled by default. While - opening insecure ports is still possible, it is recommended not to - bind these to other interfaces than loopback. To re-enable the - insecure port on the apiserver, see options: - <xref linkend="opt-services.kubernetes.apiserver.insecurePort" /> - and - <xref linkend="opt-services.kubernetes.apiserver.insecureBindAddress" /> - </para> <note> <para> As of NixOS 19.03, it is mandatory to configure: |