kube-apiserver options

kube-apiserver options

Common configuration file section: spec.apiServer

The externalAddress field is not available for child clusters. Instead, this address is automatically generated by the CAPI provider.
To obtain the created external address:
```
CHILD_CLUSTER_NAME=the-name-of-the-child-cluster
EXTERNAL_ADDRESS="https://$(kubectl -n k0rdent get awscluster
$CHILD_CLUSTER_NAME -o
jsonpath='{.status.networkStatus.apiServerElb.dnsName}'):30001"
```
You can use the address generated under the EXTERNAL_ADDRESS variable to access Ingress controller and the MKE dashboard.
Use the encryptionConfigSecret parameter instead of encryptionProvider. To use the custom EncryptionConfig, you must create a secret in the k0rdent namespace with a key value and the content of the custom configuration as the value, and then you need to set the name of this secret to the encryptionConfigSecret property.
Example:
1. Create the custom EncryptionConfig.
2. Create the secret with the content of the prepared EncryptionConfig in the k0rdent namespace where the MkeChildConfig object will be applied:
```
kubectl -n k0rdent create secret generic custom-encryption-config
--from-file=value=path/to/custom/config.cfg
```
3. Set the name of the secret to MkeChildConfig:
```
spec:
  apiServer:
    encryptionConfigSecret: custom-encryption-config
```

Refer to kube-apiserver for more details.

Last updated on September 16, 2025

Infrastructure options Backup and restore options