keps/sig-auth/3221-structured-authorization-configuration
1 file changed, +10 -0 lines changed
@@ -293,6 +293,16 @@ configuring an authorization webhook using the `--authorization-webhook-*`
293293command line flags will not be allowed. If the user does that,
294294there will be an error and API Server would exit right away.
295295
296+ For HA Clusters, the cluster administrator needs to be careful about the
297+ migrating from using the old flags to the config file format. Here is a
298+ proposed way :
299+ 1. Translate existing CLI flags to the structured config in each servers. Ensure
300+ that it is exactly the same across servers.
301+ 2. Change the flags on kube-apiserver to use the config.
302+ 3. Restart on kube-apiserver at a time.
303+ 4. Parellely, update the config files to the final desired config. The automatic
304+ reloader would pick up the changes. There would be a minutes order of delay.
305+
296306The configuration would be validated at startup and the API server will fail to
297307start if the configuration is invalid.
298308
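Review bot: Step 4 of the added list says to update the config files "Parellely", but it does not say parallel to what, and if that overlaps with the rolling restart in step 3, some kube-apiservers would be authorizing from the old flags while restarted ones already pick up the final config, so replicas in an HA cluster could return different authorization decisions for the same request. Suggest stating that step 4 begins only after every server has been restarted on the identical translated config, and that the files are then updated on all servers together. The "minutes order of delay" sentence should also say that servers may disagree during the reload window, since that is the operational risk the administrator needs to plan for. Wording fixes in the same block: step 3 "Restart on kube-apiserver at a time" presumably means "Restart one kube-apiserver at a time"; "Parellely" should be "In parallel"; "about the migrating from" should be "about migrating from"; "in each servers" should be "on each server"; and "proposed way :" has a stray space before the colon.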