edited sentence for clarity
parent
451d4d88ac
commit
e159077704
|
@ -213,7 +213,7 @@ EOF
|
|||
|
||||
### Enable HTTP Health Checks
|
||||
|
||||
A [Google Network Load Balancer](https://cloud.google.com/compute/docs/load-balancing/network) will be used to distribute traffic across the three API servers and allow each API server to terminate TLS connections and validate client certificates. The network load balancer only supports HTTP health checks which means the HTTPS endpoint exposed by the API server cannot be used. As a workaround the nginx webserver can be used to proxy HTTP health checks. In this section nginx will be installed and configured to accept HTTP health checks on port `80` and proxy the connections to the API server on `https://127.0.0.1:6443/healthz`.
|
||||
A [Google Network Load Balancer](https://cloud.google.com/compute/docs/load-balancing/network) will be used to distribute traffic across the three API servers and allow each API server to terminate TLS connections and validate client certificates. The network load balancer only supports HTTP health checks, which means the HTTPS endpoints exposed by the API servers cannot be used. As a workaround, the nginx webserver can be used to proxy HTTP health checks. In this section nginx will be installed and configured to accept HTTP health checks on port `80` and proxy the connections to the API server on `https://127.0.0.1:6443/healthz`.
|
||||
|
||||
> The `/healthz` API server endpoint does not require authentication by default.
|
||||
|
||||
|
@ -294,7 +294,7 @@ In this section you will configure RBAC permissions to allow the Kubernetes API
|
|||
|
||||
> This tutorial sets the Kubelet `--authorization-mode` flag to `Webhook`. Webhook mode uses the [SubjectAccessReview](https://kubernetes.io/docs/admin/authorization/#checking-api-access) API to determine authorization.
|
||||
|
||||
The commands in this section will effect the entire cluster and only need to be run once from one of the controller nodes.
|
||||
The commands in this section will affect the entire cluster and only need to be run once from one of the controller nodes.
|
||||
|
||||
```
|
||||
gcloud compute ssh controller-0
|
||||
|
|
Loading…
Reference in New Issue