From 34722abc460fc5517cc1f6eaaa01f0b8c9799e60 Mon Sep 17 00:00:00 2001 From: Sean Wei Date: Wed, 3 Aug 2022 09:14:00 +0800 Subject: [PATCH] Fix link for TLS bootstrapping --- .../setup-tools/kubeadm/implementation-details.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md index 4b4e8255b7..911e66aab9 100644 --- a/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md +++ b/content/en/docs/reference/setup-tools/kubeadm/implementation-details.md @@ -6,6 +6,7 @@ title: Implementation details content_type: concept weight: 100 --- + {{< feature-state for_k8s_version="v1.10" state="stable" >}} @@ -110,9 +111,9 @@ The user can skip specific preflight checks or all of them with the `--ignore-pr - [Error] if `/proc/sys/net/bridge/bridge-nf-call-iptables` file does not exist/does not contain 1 - [Error] if advertise address is ipv6 and `/proc/sys/net/bridge/bridge-nf-call-ip6tables` does not exist/does not contain 1. - [Error] if swap is on -- [Error] if `conntrack`, `ip`, `iptables`, `mount`, `nsenter` commands are not present in the command path +- [Error] if `conntrack`, `ip`, `iptables`, `mount`, `nsenter` commands are not present in the command path - [warning] if `ebtables`, `ethtool`, `socat`, `tc`, `touch`, `crictl` commands are not present in the command path -- [warning] if extra arg flags for API server, controller manager, scheduler contains some invalid options +- [warning] if extra arg flags for API server, controller manager, scheduler contains some invalid options - [warning] if connection to https://API.AdvertiseAddress:API.BindPort goes through proxy - [warning] if connection to services subnet goes through proxy (only first address checked) - [warning] if connection to Pods subnet goes through proxy (only first address checked) @@ -277,7 +278,7 @@ Other API server flags that are set unconditionally are: - `--insecure-port=0` to avoid insecure connections to the api server - `--enable-bootstrap-token-auth=true` to enable the `BootstrapTokenAuthenticator` authentication module. - See [TLS Bootstrapping](/docs/reference/access-authn-authn/kubelet-tls-bootstrapping/) for more details + See [TLS Bootstrapping](/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/) for more details - `--allow-privileged` to `true` (required e.g. by kube proxy) - `--requestheader-client-ca-file` to `front-proxy-ca.crt` - `--enable-admission-plugins` to: