jmgao
2fd22815d2
minor:helm脚本更新
2018-05-31 23:12:14 +08:00
lusyoe
7da2a40bd8
helm添加国内repo url
2018-05-31 23:03:37 +08:00
jmgao
f3b788a3e9
更新harbor脚本和文档
2018-05-31 23:01:54 +08:00
gjmzj
3295a2218c
更新升级集群文档
2018-05-29 16:11:18 +08:00
gjmzj
af31805e07
更改os-harden为手动选择执行
2018-05-29 11:32:53 +08:00
gjmzj
54652adfa2
修改默认gather_facts: smart
2018-05-28 23:25:45 +08:00
gjmzj
29f0c4cd31
修复calico-controller多网卡问题
2018-05-27 11:08:55 +08:00
gjmzj
68ecb6a23d
更新helm默认rbac设置
2018-05-27 11:00:12 +08:00
gjmzj
2c6419a523
fix helm脚本与文档
2018-05-26 17:55:28 +08:00
lusyoe
a000f40ea2
添加 helm 命令自动补全
2018-05-25 15:22:09 +08:00
gjmzj
a7dd303fd2
增加修改AIO部署的系统IP的脚本和说明
2018-05-24 16:35:21 +08:00
lusyoe
e659038ab7
添加CentOS epel仓库 ( #200 )
...
谢谢
2018-05-24 00:08:09 +08:00
gjmzj
58f91ed208
增加安全安装helm的ansible role
2018-05-23 13:54:41 +08:00
gjmzj
fe1e5a65a5
设置node roles
2018-05-22 15:57:44 +08:00
gjmzj
15bbc26d3f
minor fix:等待node节点Ready
2018-05-20 23:18:53 +08:00
gjmzj
1fd8515711
增加master和node服务重启tags
2018-05-20 00:17:59 +08:00
gjmzj
58ccd3bc88
增加[可选]OS安全加固脚本
2018-05-19 22:40:41 +08:00
gjmzj
a0d3ac6ec9
增加升级k8s时服务文件的更新
2018-05-17 23:07:01 +08:00
gjmzj
83bdcfd41a
修复kubelet匿名访问漏洞
2018-05-17 22:51:15 +08:00
spirit
6b6de7881e
修复kubelet安全策略 ( #192 )
...
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
By default, requests to the kubelet’s HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.
To disable anonymous access and send 401 Unauthorized responses to unauthenticated requests:
start the kubelet with the --anonymous-auth=false flag
2018-05-17 22:31:54 +08:00
AEGQ
a03fe10ee2
Update main.yml ( #194 )
...
永久关闭 selinux 失败。
2018-05-17 22:29:43 +08:00
gjmzj
45b7fab60e
新增upgrade脚本
2018-05-11 11:07:14 +08:00
jmgao
9a8a729e08
prepare release v1102-r1
2018-05-06 23:10:14 +08:00
gjmzj
2f3f9d023d
minor fix
2018-05-06 09:08:09 +08:00
jmgao
b7a7eef235
lineinfile替换shell sed
2018-05-04 22:11:08 +08:00
Antergone
193a376635
使用lineinfile替换sed
2018-05-04 15:27:46 +08:00
antergone
88ae1783ba
修复原有PATH被覆盖问题
2018-05-03 01:35:48 +08:00
gjmzj
f955c23b2e
测试增加OS安全基线,FROM dev-sec/ansible-os-hardening
2018-05-01 10:16:11 +08:00
gjmzj
afd667e2a3
更新pause镜像3.1,kube-dns 1.14.9
2018-04-24 23:06:57 +08:00
gjmzj
19cdcd7625
tiny fix in kube-flannel.yaml.j2
2018-04-19 08:48:44 +08:00
gjmzj
f7c32c59f9
删除变量MASTER_PORT定义
2018-04-17 21:14:03 +08:00
gjmzj
44a3bb4072
fix:多网卡安装flannel问题
2018-04-17 21:02:44 +08:00
gjmzj
5fa1f880b0
更新basic-env-setup.sh使用说明
2018-04-16 21:03:52 +08:00
gjmzj
11974a4b14
minor fix
2018-04-10 18:58:10 +08:00
gjmzj
6eb58b175a
修复shell执行systemctl enable xx可能报错退出问题
2018-04-10 18:33:24 +08:00
gjmzj
b176a8761d
minor fix
2018-04-10 18:06:12 +08:00
gjmzj
cfa377db76
预装socat,修改apiserver reconciler使用lease模式
2018-04-08 09:39:59 +08:00
gjmzj
08d2d53925
修改calico日志warning级别,增加ubuntu安装conntrack,dashboard文档修订
2018-04-02 13:52:05 +08:00
gjmzj
1174d40cb8
efk日志持久化之静态PV
2018-04-01 12:50:01 +08:00
gjmzj
1e3a88d494
更新安装coredns的yaml配置和说明
2018-03-29 16:27:26 +08:00
gjmzj
566a374c99
minor changes
2018-03-29 09:24:04 +08:00
gjmzj
99ea4b1144
update k8s 1.9.6 && minor fix
2018-03-28 17:59:26 +08:00
gjmzj
84b46057a7
更新等待node状态Ready脚本
2018-03-25 18:28:49 +08:00
gjmzj
825a241ed3
修改判断证书是否存在的方式
2018-03-24 09:25:20 +08:00
gjmzj
b33ab0eea2
优化等待kubelet启动bootstrap机制
2018-03-22 22:41:43 +08:00
gjmzj
65f0d5e30b
update k8s1.9.4 & minor fix
2018-03-19 14:37:43 +08:00
gjmzj
160f9b2a2d
更新添加master节点步骤和文档
2018-03-18 22:51:05 +08:00
gjmzj
7563af41a9
安装步骤文档更新
2018-03-18 18:25:38 +08:00
gjmzj
78512c6590
Merge pull request #135 from panhongyin/master
...
修复selinux配置BUG,添加kubectl自动补全,添加SSHKEY复制脚本
2018-03-16 18:30:04 +08:00
gjmzj
b51f722202
优化安装流程,修复多主模式dashboard访问bug
2018-03-16 18:23:34 +08:00
panhongyin
053d2a0935
1: 添加实用工具集目录tools
...
2: 添加sshkey自动复制脚本,方便ansible的使用
3:添加kubectl自动补全配置
4:修复CentOS系统下selinux配置BUG
2018-03-16 17:52:02 +08:00
panhongyin
182b082518
1: 删除NODE_ID主机变量,改成使用ansible的run_once运行单节点任务
...
2:在keepalived模板中添加24位子网掩码
3:添加等待master节点服务启动完成检测任务
4:添加kubectl create之前的检测任务,避免重复操作时报错
2018-03-14 16:53:21 +08:00
jmgao
92afc3ba34
增加配置keepalived参数:virtual_router_id
2018-03-09 22:29:39 +08:00
jmgao
e4685e5fa4
更新增加master节点的步骤和文档
2018-03-09 22:02:55 +08:00
jmgao
b19600963d
允许忽略 br_netfilter 模块加载错误
2018-03-06 11:05:19 +08:00
jmgao
ddb762f6c5
更新lb部分设置和文档
2018-03-02 15:16:40 +08:00
jmgao
c3af702c7b
update calico 3.0.3
2018-02-28 17:53:26 +08:00
jmgao
dfbfaadaa2
minor changes
2018-02-25 12:30:15 +08:00
jmgao
cd9d70060f
update calico to 2.6.7
2018-02-25 10:34:32 +08:00
jmgao
6d3e2025ad
调整更新etcd不需要重新生成证书
2018-02-19 09:04:50 +08:00
jmgao
75097d5188
update k8s 1.9.3
2018-02-19 08:35:59 +08:00
lifeng
c7957a9e50
haproxy代理设置超时时间为10分钟,避免进入容器过早退出
2018-02-07 10:25:21 +08:00
jmgao
61096e90ec
更新docker容器日志限制配置
2018-01-29 18:25:27 +08:00
jmgao
15a4ae943b
update kubedns to 1.14.8
2018-01-27 13:54:12 +08:00
gjmzj
cf7917aa1c
Revert "在k8s中,配置GPU节点"
2018-01-25 19:16:33 +08:00
unknown
e7c530db59
add gpu node config
2018-01-22 10:02:13 +08:00
jmgao
f94c78dc21
minor changes
2018-01-13 11:33:40 +08:00
tracybin
7611edcbdf
开启ipv4内核转发之前加载br_netfilter模块
2018-01-11 18:34:46 +08:00
jmgao
3b4f5879be
fix 系统参数设置错误可忽略
2018-01-08 18:59:18 +08:00
jmgao
d7c6b8a89e
更新安装步骤文档
2018-01-05 23:05:22 +08:00
jmgao
31dff09bf5
DaemonSet Flannel 网络插件
2018-01-04 22:50:09 +08:00
jmgao
3b0df004df
DaemonSet Calico 网络插件
2018-01-04 22:00:34 +08:00
jmgao
4c1f7bceed
增加flannel网络支持
2018-01-02 22:12:51 +08:00
gjmzj
331bf56cb6
更新清理网络脚本
2017-12-31 10:25:56 +08:00
gjmzj
3e5b7f4a63
init flannel
2017-12-30 20:19:50 +08:00
jmgao
9615547f9d
修复calico多网卡IP选取问题
2017-12-29 18:48:39 +08:00
jmgao
ad4ee94a11
修复1.9.0 kube-controller-manager默认参数HPA cpu利用率取不到问题
2017-12-28 20:32:51 +08:00
jmgao
470f0d4f29
调整部分系统参数
2017-12-28 14:34:04 +08:00
jmgao
bd84affb6b
更新harbor文档
2017-12-25 22:01:44 +08:00
jmgao
f697d49c86
增加harbor部署
2017-12-25 15:05:21 +08:00
DiamondYuan
d70a958616
pause镜像地址 可配置
2017-12-19 17:46:34 +08:00
jmgao
6134c1ae2d
更新K8S v1.9.0
2017-12-19 10:27:49 +08:00
jmgao
b3daae9c97
fix集群清理相关
2017-12-15 21:20:26 +08:00
jmgao
49993180fb
minor fix in haproxy.service.j2
2017-12-15 20:30:15 +08:00
jmgao
befa6ee59c
minor fix
2017-12-15 20:22:31 +08:00
jmgao
321331286e
修复centos系统重启haproxy启动失败问题
2017-12-15 19:56:26 +08:00
jmgao
59d8ac5379
fix centos安装keepalived和haproxy问题
2017-12-15 19:14:39 +08:00
jmgao
1ba3b72539
关闭centos selinux
2017-12-15 17:27:56 +08:00
jmgao
a37ce501e0
修复CentOS 下haproxy 工作目录
2017-12-15 16:26:37 +08:00
jmgao
5c2a151b2b
修复ansible条件判断可能失败问题
2017-12-15 10:25:32 +08:00
jmgao
0a343fb960
minor fix
2017-12-14 23:47:16 +08:00
jmgao
f62454199f
small fix
2017-12-14 23:18:57 +08:00
jmgao
2c8d59abcd
增加CentOS 7支持
2017-12-14 23:09:56 +08:00
jmgao
c1b5ac40a8
fix: kubelet启动选取cloud-provider问题
2017-12-12 17:01:11 +08:00
jmgao
65c5102f0e
minor fix
2017-12-11 11:06:00 +08:00
jmgao
30d1c86d81
fix集群安装的幂等性
2017-12-11 09:52:20 +08:00
jmgao
2d26c016ba
重命名roles/ca为roles/deploy, 更新 kubedns部署相关文件
2017-12-08 16:17:16 +08:00
jmgao
ec4a07f8ba
bugfix: NetworkPolicy 跨节点失效问题
2017-12-06 11:14:22 +08:00
jmgao
9048ef00ba
设置kube-proxy参数--masquerade-all=false
2017-12-05 21:31:28 +08:00
jmgao
4adf581ac2
minor changes
2017-12-05 09:59:56 +08:00
jmgao
429bed5ce9
修改calico与访问etcd的证书
2017-12-04 20:20:17 +08:00
jmgao
026674a799
更新06-安装kube-master节点.md
2017-12-03 16:26:33 +08:00
jmgao
11f83831fe
增加查询镜像tag的小工具,更新04-安装docker服务.md
2017-12-02 11:39:12 +08:00
jmgao
d139608e72
minor changes
2017-11-30 22:44:45 +08:00
jmgao
2211e3aed9
更新02-安装etcd集群.md
2017-11-30 22:23:19 +08:00
jmgao
91358a9f65
更新#集群 MASTER IP, 需要负载均衡,一般为VIP地址
2017-11-30 15:01:24 +08:00
jmgao
7bf48d26d7
fix:清理iptables
2017-11-28 23:27:38 +08:00
jmgao
e8291088ed
增加等待kube-apiserver/kubelet启动延迟
2017-11-26 12:36:58 +08:00
jmgao
25c49c9cf4
修正多主多节点集群部署脚本
2017-11-26 09:34:33 +08:00
jmgao
b904133b13
cni-calico参数调整,minor changes
2017-11-25 21:31:00 +08:00
jmgao
a850af10c4
增加calicoctl安装,默认关闭IP-in-IP
2017-11-22 12:34:51 +08:00
jmgao
5f65b4c7f5
approve csr之前增加15s等待kubelet启动完成
2017-11-21 20:39:11 +08:00
jmgao
22d95cd779
修正一些 kubelet/apiserver启动参数
2017-11-21 11:27:06 +08:00
jmgao
42b7cd782b
增加常用插件yaml配置
2017-11-21 09:01:24 +08:00
jmgao
0685f87fc1
fix bug in 95.clean.yml: cannot remove‘/var/run/docker/netns/default’: Device or resource busy
2017-11-12 16:17:50 +08:00
jmgao
253f109e47
更新90.setup.yml 95.clean.yml
2017-11-12 14:54:20 +08:00
jmgao
1907318028
add calico-kube-controllers
2017-11-12 09:16:20 +08:00
jmgao
3367d512ad
k8s-calico initial commit
2017-11-11 19:14:21 +08:00