From a9c258618798b7793a6a8cc0ff0692cde304035f Mon Sep 17 00:00:00 2001 From: Jacob Simpson Date: Tue, 26 Sep 2017 10:11:56 -0700 Subject: [PATCH] Updates from review. --- _data/tasks.yml | 2 +- docs/tasks/administer-cluster/securing-a-cluster.md | 11 ----------- .../certificate-rotation.md | 11 +++++++++++ 3 files changed, 12 insertions(+), 12 deletions(-) rename docs/tasks/{administer-cluster => tls}/certificate-rotation.md (85%) diff --git a/_data/tasks.yml b/_data/tasks.yml index 8e15884c450e5..b880465dbbdb7 100644 --- a/_data/tasks.yml +++ b/_data/tasks.yml @@ -110,6 +110,7 @@ toc: - title: TLS section: - docs/tasks/tls/managing-tls-in-a-cluster.md + - docs/tasks/tls/certificate-rotation.md - title: Administer a Cluster section: @@ -128,7 +129,6 @@ toc: - docs/tasks/administer-cluster/access-cluster-services.md - docs/tasks/administer-cluster/securing-a-cluster.md - docs/tasks/administer-cluster/encrypt-data.md - - docs/tasks/administer-cluster/certificate-rotation.md - docs/tasks/administer-cluster/configure-upgrade-etcd.md - docs/tasks/administer-cluster/static-pod.md - docs/tasks/administer-cluster/cluster-management.md diff --git a/docs/tasks/administer-cluster/securing-a-cluster.md b/docs/tasks/administer-cluster/securing-a-cluster.md index 31e30c666909a..b967a01138089 100644 --- a/docs/tasks/administer-cluster/securing-a-cluster.md +++ b/docs/tasks/administer-cluster/securing-a-cluster.md 
@@ -195,17 +195,6 @@ parties that gain access to your etcd backups from viewing the content of those this feature is currently experimental, it may offer an additional level of defense when backups are not encrypted or an attacker gains read access to etcd. -### Kubelet Certificate Rotation - -The kubelet uses certificates for authenticating to the Kubernetes API. -Normally, these certificates are issued with a long expiry date, such that -normally they do not need to be renewed. - -Kubernetes 1.8 contains [kubelet certificate -rotation](/docs/tasks/administer-cluster/certificate-rotation/), a beta feature -that will automatically generate a new key and request a new certificate from -the Kubernetes API to use for authenticating connections. - ### Receiving alerts for security updates and reporting vulnerabilities Join the [kubernetes-announce](https://groups.google.com/forum/#!forum/kubernetes-announce) diff --git a/docs/tasks/administer-cluster/certificate-rotation.md b/docs/tasks/tls/certificate-rotation.md similarity index 85% rename from docs/tasks/administer-cluster/certificate-rotation.md rename to docs/tasks/tls/certificate-rotation.md index 7875b97a31e2b..7c6455cc2b84f 100644 --- a/docs/tasks/administer-cluster/certificate-rotation.md +++ b/docs/tasks/tls/certificate-rotation.md 
@@ -20,6 +20,17 @@ This page shows how to enable and configure certificate rotation for the kubelet {% capture steps %} +## Overview + +The kubelet uses certificates for authenticating to the Kubernetes API. +Normally, these certificates are issued with a long expiry date, such that +normally they do not need to be renewed. + +Kubernetes 1.8 contains [kubelet certificate +rotation](/docs/tasks/administer-cluster/certificate-rotation/), a beta feature +that will automatically generate a new key and request a new certificate from +the Kubernetes API to use for authenticating connections. + ## Configuration and determining whether certificate rotation is already enabled The `kubelet` process accepts an argument `--rotate-certificates` that controls
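Review bot: In the docs/tasks/administer-cluster/securing-a-cluster.md hunk, deleting the whole "### Kubelet Certificate Rotation" section leaves the securing guide with no mention of rotation at all. Consider keeping the heading with one sentence that links to the page's new location under docs/tasks/tls/, so readers working through the hardening guide still find the feature. The rename also changes the page URL, and nothing visible in this patch adds a redirect from /docs/tasks/administer-cluster/certificate-rotation/, so existing inbound links would break unless that is handled elsewhere.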