Commit Graph

128 Commits (1b5fba6f2fbf8a7fc4b1460ad206c644ebf89ef5)

Author SHA1 Message Date
jmgao 3911f1038e 修改manifests兼容k8s v1.8 2018-06-11 10:15:07 +08:00
jmgao e072b5359a 修改apiserver参数兼容安装 v1.8.x 2018-06-10 12:11:33 +08:00
gjmzj af872c8e7b 简化新增节点步骤 2018-06-10 08:32:34 +08:00
jmgao 9f172965ac bugfix:取消lb组变量设置 2018-06-10 00:16:20 +08:00
jmgao 82badc4f2e 取消lb组变量设置 2018-06-09 23:30:24 +08:00
jmgao 931b2cf1b9 用inventory_hostname替换变量NODE_IP 2018-06-09 22:19:20 +08:00
jmgao 2340b9f214 转移calico/flannel的配置到对应的roles目录 2018-06-09 17:57:17 +08:00
gjmzj e45a023985 update kube-dns 1.14.10 2018-06-08 23:29:58 +08:00
lu f45c0b333d harbor添加解压工具 2018-06-08 23:08:35 +08:00
lu 24639cc41c 升级harbor版本到1.5.1,调整安装路径为/data/harbor,修复安装解压问题 2018-06-08 23:08:35 +08:00
jmgao 2fd22815d2 minor:helm脚本更新 2018-05-31 23:12:14 +08:00
lusyoe 7da2a40bd8 helm添加国内repo url 2018-05-31 23:03:37 +08:00
jmgao f3b788a3e9 更新harbor脚本和文档 2018-05-31 23:01:54 +08:00
gjmzj 3295a2218c 更新升级集群文档 2018-05-29 16:11:18 +08:00
gjmzj af31805e07 更改os-harden为手动选择执行 2018-05-29 11:32:53 +08:00
gjmzj 54652adfa2 修改默认gather_facts: smart 2018-05-28 23:25:45 +08:00
gjmzj 29f0c4cd31 修复calico-controller多网卡问题 2018-05-27 11:08:55 +08:00
gjmzj 68ecb6a23d 更新helm默认rbac设置 2018-05-27 11:00:12 +08:00
gjmzj 2c6419a523 fix helm脚本与文档 2018-05-26 17:55:28 +08:00
lusyoe a000f40ea2 添加 helm 命令自动补全 2018-05-25 15:22:09 +08:00
gjmzj a7dd303fd2 增加修改AIO部署的系统IP的脚本和说明 2018-05-24 16:35:21 +08:00
lusyoe e659038ab7 添加CentOS epel仓库 (#200)
谢谢
2018-05-24 00:08:09 +08:00
gjmzj 58f91ed208 增加安全安装helm的ansible role 2018-05-23 13:54:41 +08:00
gjmzj fe1e5a65a5 设置node roles 2018-05-22 15:57:44 +08:00
gjmzj 15bbc26d3f minor fix:等待node节点Ready 2018-05-20 23:18:53 +08:00
gjmzj 1fd8515711 增加master和node服务重启tags 2018-05-20 00:17:59 +08:00
gjmzj 58ccd3bc88 增加[可选]OS安全加固脚本 2018-05-19 22:40:41 +08:00
gjmzj a0d3ac6ec9 增加升级k8s时服务文件的更新 2018-05-17 23:07:01 +08:00
gjmzj 83bdcfd41a 修复kubelet匿名访问漏洞 2018-05-17 22:51:15 +08:00
spirit 6b6de7881e 修复kubelet安全策略 (#192)
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
By default, requests to the kubelet’s HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.

To disable anonymous access and send 401 Unauthorized responses to unauthenticated requests:

start the kubelet with the --anonymous-auth=false flag
2018-05-17 22:31:54 +08:00
AEGQ a03fe10ee2 Update main.yml (#194)
永久关闭 selinux 失败。
2018-05-17 22:29:43 +08:00
gjmzj 45b7fab60e 新增upgrade脚本 2018-05-11 11:07:14 +08:00
jmgao 9a8a729e08 prepare release v1102-r1 2018-05-06 23:10:14 +08:00
gjmzj 2f3f9d023d minor fix 2018-05-06 09:08:09 +08:00
jmgao b7a7eef235 lineinfile替换shell sed 2018-05-04 22:11:08 +08:00
Antergone 193a376635 使用lineinfile替换sed 2018-05-04 15:27:46 +08:00
antergone 88ae1783ba
修复原有PATH被覆盖问题 2018-05-03 01:35:48 +08:00
gjmzj f955c23b2e 测试增加OS安全基线,FROM dev-sec/ansible-os-hardening 2018-05-01 10:16:11 +08:00
gjmzj afd667e2a3 更新pause镜像3.1,kube-dns 1.14.9 2018-04-24 23:06:57 +08:00
gjmzj 19cdcd7625 tiny fix in kube-flannel.yaml.j2 2018-04-19 08:48:44 +08:00
gjmzj f7c32c59f9 删除变量MASTER_PORT定义 2018-04-17 21:14:03 +08:00
gjmzj 44a3bb4072 fix:多网卡安装flannel问题 2018-04-17 21:02:44 +08:00
gjmzj 5fa1f880b0 更新basic-env-setup.sh使用说明 2018-04-16 21:03:52 +08:00
gjmzj 11974a4b14 minor fix 2018-04-10 18:58:10 +08:00
gjmzj 6eb58b175a 修复shell执行systemctl enable xx可能报错退出问题 2018-04-10 18:33:24 +08:00
gjmzj b176a8761d minor fix 2018-04-10 18:06:12 +08:00
gjmzj cfa377db76 预装socat,修改apiserver reconciler使用lease模式 2018-04-08 09:39:59 +08:00
gjmzj 08d2d53925 修改calico日志warning级别,增加ubuntu安装conntrack,dashboard文档修订 2018-04-02 13:52:05 +08:00
gjmzj 1174d40cb8 efk日志持久化之静态PV 2018-04-01 12:50:01 +08:00
gjmzj 1e3a88d494 更新安装coredns的yaml配置和说明 2018-03-29 16:27:26 +08:00