jmgao
3911f1038e
修改manifests兼容k8s v1.8
2018-06-11 10:15:07 +08:00
jmgao
e072b5359a
修改apiserver参数兼容安装 v1.8.x
2018-06-10 12:11:33 +08:00
gjmzj
af872c8e7b
简化新增节点步骤
2018-06-10 08:32:34 +08:00
jmgao
9f172965ac
bugfix:取消lb组变量设置
2018-06-10 00:16:20 +08:00
jmgao
82badc4f2e
取消lb组变量设置
2018-06-09 23:30:24 +08:00
jmgao
931b2cf1b9
用inventory_hostname替换变量NODE_IP
2018-06-09 22:19:20 +08:00
jmgao
2340b9f214
转移calico/flannel的配置到对应的roles目录
2018-06-09 17:57:17 +08:00
gjmzj
e45a023985
update kube-dns 1.14.10
2018-06-08 23:29:58 +08:00
lu
f45c0b333d
harbor添加解压工具
2018-06-08 23:08:35 +08:00
lu
24639cc41c
升级harbor版本到1.5.1,调整安装路径为/data/harbor,修复安装解压问题
2018-06-08 23:08:35 +08:00
jmgao
2fd22815d2
minor:helm脚本更新
2018-05-31 23:12:14 +08:00
lusyoe
7da2a40bd8
helm添加国内repo url
2018-05-31 23:03:37 +08:00
jmgao
f3b788a3e9
更新harbor脚本和文档
2018-05-31 23:01:54 +08:00
gjmzj
3295a2218c
更新升级集群文档
2018-05-29 16:11:18 +08:00
gjmzj
af31805e07
更改os-harden为手动选择执行
2018-05-29 11:32:53 +08:00
gjmzj
54652adfa2
修改默认gather_facts: smart
2018-05-28 23:25:45 +08:00
gjmzj
29f0c4cd31
修复calico-controller多网卡问题
2018-05-27 11:08:55 +08:00
gjmzj
68ecb6a23d
更新helm默认rbac设置
2018-05-27 11:00:12 +08:00
gjmzj
2c6419a523
fix helm脚本与文档
2018-05-26 17:55:28 +08:00
lusyoe
a000f40ea2
添加 helm 命令自动补全
2018-05-25 15:22:09 +08:00
gjmzj
a7dd303fd2
增加修改AIO部署的系统IP的脚本和说明
2018-05-24 16:35:21 +08:00
lusyoe
e659038ab7
添加CentOS epel仓库 ( #200 )
...
谢谢
2018-05-24 00:08:09 +08:00
gjmzj
58f91ed208
增加安全安装helm的ansible role
2018-05-23 13:54:41 +08:00
gjmzj
fe1e5a65a5
设置node roles
2018-05-22 15:57:44 +08:00
gjmzj
15bbc26d3f
minor fix:等待node节点Ready
2018-05-20 23:18:53 +08:00
gjmzj
1fd8515711
增加master和node服务重启tags
2018-05-20 00:17:59 +08:00
gjmzj
58ccd3bc88
增加[可选]OS安全加固脚本
2018-05-19 22:40:41 +08:00
gjmzj
a0d3ac6ec9
增加升级k8s时服务文件的更新
2018-05-17 23:07:01 +08:00
gjmzj
83bdcfd41a
修复kubelet匿名访问漏洞
2018-05-17 22:51:15 +08:00
spirit
6b6de7881e
修复kubelet安全策略 ( #192 )
...
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
By default, requests to the kubelet’s HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.
To disable anonymous access and send 401 Unauthorized responses to unauthenticated requests:
start the kubelet with the --anonymous-auth=false flag
2018-05-17 22:31:54 +08:00
AEGQ
a03fe10ee2
Update main.yml ( #194 )
...
永久关闭 selinux 失败。
2018-05-17 22:29:43 +08:00
gjmzj
45b7fab60e
新增upgrade脚本
2018-05-11 11:07:14 +08:00
jmgao
9a8a729e08
prepare release v1102-r1
2018-05-06 23:10:14 +08:00
gjmzj
2f3f9d023d
minor fix
2018-05-06 09:08:09 +08:00
jmgao
b7a7eef235
lineinfile替换shell sed
2018-05-04 22:11:08 +08:00
Antergone
193a376635
使用lineinfile替换sed
2018-05-04 15:27:46 +08:00
antergone
88ae1783ba
修复原有PATH被覆盖问题
2018-05-03 01:35:48 +08:00
gjmzj
f955c23b2e
测试增加OS安全基线,FROM dev-sec/ansible-os-hardening
2018-05-01 10:16:11 +08:00
gjmzj
afd667e2a3
更新pause镜像3.1,kube-dns 1.14.9
2018-04-24 23:06:57 +08:00
gjmzj
19cdcd7625
tiny fix in kube-flannel.yaml.j2
2018-04-19 08:48:44 +08:00
gjmzj
f7c32c59f9
删除变量MASTER_PORT定义
2018-04-17 21:14:03 +08:00
gjmzj
44a3bb4072
fix:多网卡安装flannel问题
2018-04-17 21:02:44 +08:00
gjmzj
5fa1f880b0
更新basic-env-setup.sh使用说明
2018-04-16 21:03:52 +08:00
gjmzj
11974a4b14
minor fix
2018-04-10 18:58:10 +08:00
gjmzj
6eb58b175a
修复shell执行systemctl enable xx可能报错退出问题
2018-04-10 18:33:24 +08:00
gjmzj
b176a8761d
minor fix
2018-04-10 18:06:12 +08:00
gjmzj
cfa377db76
预装socat,修改apiserver reconciler使用lease模式
2018-04-08 09:39:59 +08:00
gjmzj
08d2d53925
修改calico日志warning级别,增加ubuntu安装conntrack,dashboard文档修订
2018-04-02 13:52:05 +08:00
gjmzj
1174d40cb8
efk日志持久化之静态PV
2018-04-01 12:50:01 +08:00
gjmzj
1e3a88d494
更新安装coredns的yaml配置和说明
2018-03-29 16:27:26 +08:00