Doc changes for TLS and loadBalancerIP changes (googleforgames#1784)
* Added documentation for disableMTLS and disableTLS flags.

* Added documentation about the fixed load balancer IP as well.

* Fixed a link typo in the allocator-service.md doc.

* Fixed typo in the name of the Agones loadBalancerIP flag.

* Modified wording on the docs.

* Clarified the text for disableTLS vs disableMTLS.

* Moved disableMTLS to the 'New Configuration Changes' section.

* Fixed more wording issues.

Co-authored-by: Nikhil Athreya <nathreya@google.com>
Co-authored-by: pooneh-m <46979170+pooneh-m@users.noreply.github.com>
3 people authored and ilkercelikyilmaz committed Oct 23, 2020
1 parent 6055fd4 commit 70ab161
Showing 2 changed files with 16 additions and 1 deletion.
4 changes: 4 additions & 0 deletions site/content/en/docs/Advanced/allocator-service.md
Expand Up @@ -29,6 +29,10 @@ agones-allocator LoadBalancer 10.55.251.73 <b>34.82.195.204</b>

## Server TLS certificate

{{% feature publishVersion="1.9.0" %}}
If the `agones-allocator` service is installed as a `LoadBalancer` [using a static IP]({{< relref "/docs/Installation/Install Agones/helm.md#reserved-allocator-load-balancer-ip" >}}), a valid self-signed server TLS certificate is generated using the IP provided. Otherwise, the server TLS certificate should be replaced.
{{% /feature %}}

Replace the default server TLS certificate with a certificate with CN and subjectAltName. There are multiple approaches to generate a certificate. Agones recommends using [cert-manager.io](https://cert-manager.io/) solution for cluster level certificate management.

In order to use cert-manager solution, first, [install cert-manager](https://cert-manager.io/docs/installation/kubernetes/) on the cluster. Then, [configure](https://cert-manager.io/docs/configuration/) an `Issuer`/`ClusterIssuer` resource and last configure a `Certificate` resource to manage allocator-tls `Secret`.
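
Review bot: The added paragraph says the server TLS certificate "should be replaced" only when no static IP is used, but the unchanged paragraph right after it still opens with an unconditional "Replace the default server TLS certificate", so a reader who did set a static IP gets two conflicting instructions. Make the following paragraph conditional (for example "If you are not using a static IP, replace the default server TLS certificate ..."). "Valid self-signed" also needs one more sentence: state whether the IP is placed in the certificate's subjectAltName, and that clients must add this certificate to their trust store to verify the server, since a self-signed certificate does not validate against any public CA.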
13 changes: 12 additions & 1 deletion site/content/en/docs/Installation/Install Agones/helm.md
Expand Up @@ -229,6 +229,8 @@ The following tables lists the configurable parameters of the Agones chart and t
| Parameter | Description | Default |
| --------------------------------------------------- | ----------------------------------------------------------------------------------------------- | ---------------------- |
| `agones.allocator.http.loadBalancerIP` | The [Load Balancer IP][loadBalancerIP] of the Agones allocator load balancer. Only works if the Kubernetes provider supports this option. | "" |
| `agones.allocator.disableMTLS` | Turns off client cert authentication for incoming connections to the allocator. | `false` |
| `agones.allocator.disableTLS` | Turns off TLS security for incoming connections to the allocator. | `false` |

{{% /feature %}}

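Review bot: The two new rows, `agones.allocator.disableMTLS` and `agones.allocator.disableTLS`, do not say how the flags relate or what is left protecting the allocator once they are set. Client certificate authentication depends on TLS, so the `disableTLS` description should say whether setting it also turns off client cert authentication, and the `disableMTLS` description should say that callers are then no longer authenticated by the allocator and have to be authenticated or restricted some other way. It is also worth stating when these flags are meant to be used, so nobody sets them just to get past a certificate error.
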
Expand Down Expand Up @@ -283,7 +285,7 @@ RUNNING: agones-test
ERROR: pods "agones-test" already exists
Error: 1 test(s) failed
```
That mean that you skiped `--cleanup` flag and you should either delete `agones-test` pod manually or run with the same test `helm test my-release --cleanup` two more times.
That means that you skipped the `--cleanup` flag and you should either delete the `agones-test` pod manually or run with the same test `helm test my-release --cleanup` two more times.
{{< /alert >}}

## TLS Certificates
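
Review bot: In the corrected sentence, "run with the same test `helm test my-release --cleanup` two more times" is still hard to parse. Suggest "or run `helm test my-release --cleanup` two more times", and say briefly why two runs are needed.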
Expand All @@ -295,6 +297,15 @@ For most use cases the controller would have required a restart anyway (eg: cont
You can use our script located at {{< ghlink href="install/helm/agones/certs/cert.sh" >}}cert.sh{{< /ghlink >}} to generate them.
{{< /alert >}}

{{% feature publishVersion="1.9.0" %}}
## Reserved Allocator Load Balancer IP

In order to reuse the existing load balancer IP on upgrade or install the `agones-allocator` service as a `LoadBalancer` using a reserved static IP, a user can specify the load balancer's IP with the `agones.allocator.http.loadBalancerIP` helm configuration parameter value. By setting the `loadBalancerIP` value:

1. The `LoadBalancer` is created with the specified IP, if supported by the cloud provider.
2. A self-signed server TLS certificate is generated for the IP, used by the `agones-allocator` service.
{{% /feature %}}

## Next Steps

- [Confirm Agones is up and running]({{< relref "../confirm.md" >}})
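
Review bot: Step 2 of the new "Reserved Allocator Load Balancer IP" section says a self-signed server TLS certificate is generated for the IP, but not what happens to a certificate the operator has already installed. Say whether setting `agones.allocator.http.loadBalancerIP` on upgrade overwrites an existing server certificate (for example one managed by cert-manager, as allocator-service.md recommends), and whether the certificate is still generated when `agones.allocator.disableTLS` is set. The opening sentence is also ambiguous ("reuse the existing load balancer IP on upgrade or install ... using a reserved static IP" can be read two ways); split it into the two cases and add a one-line `helm` example that sets the parameter.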
