Commit Graph

100 Commits (83bdcfd41a847b8c5917c20545be202f11374ea9)

Author SHA1 Message Date
gjmzj 83bdcfd41a 修复kubelet匿名访问漏洞 2018-05-17 22:51:15 +08:00
spirit 6b6de7881e 修复kubelet安全策略 (#192)
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
By default, requests to the kubelet’s HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.

To disable anonymous access and send 401 Unauthorized responses to unauthenticated requests:

start the kubelet with the --anonymous-auth=false flag
2018-05-17 22:31:54 +08:00
AEGQ a03fe10ee2 Update main.yml (#194)
永久关闭 selinux 失败。
2018-05-17 22:29:43 +08:00
gjmzj 45b7fab60e 新增upgrade脚本 2018-05-11 11:07:14 +08:00
jmgao 9a8a729e08 prepare release v1102-r1 2018-05-06 23:10:14 +08:00
gjmzj 2f3f9d023d minor fix 2018-05-06 09:08:09 +08:00
jmgao b7a7eef235 lineinfile替换shell sed 2018-05-04 22:11:08 +08:00
Antergone 193a376635 使用lineinfile替换sed 2018-05-04 15:27:46 +08:00
antergone 88ae1783ba
修复原有PATH被覆盖问题 2018-05-03 01:35:48 +08:00
gjmzj f955c23b2e 测试增加OS安全基线,FROM dev-sec/ansible-os-hardening 2018-05-01 10:16:11 +08:00
gjmzj afd667e2a3 更新pause镜像3.1,kube-dns 1.14.9 2018-04-24 23:06:57 +08:00
gjmzj 19cdcd7625 tiny fix in kube-flannel.yaml.j2 2018-04-19 08:48:44 +08:00
gjmzj f7c32c59f9 删除变量MASTER_PORT定义 2018-04-17 21:14:03 +08:00
gjmzj 44a3bb4072 fix:多网卡安装flannel问题 2018-04-17 21:02:44 +08:00
gjmzj 5fa1f880b0 更新basic-env-setup.sh使用说明 2018-04-16 21:03:52 +08:00
gjmzj 11974a4b14 minor fix 2018-04-10 18:58:10 +08:00
gjmzj 6eb58b175a 修复shell执行systemctl enable xx可能报错退出问题 2018-04-10 18:33:24 +08:00
gjmzj b176a8761d minor fix 2018-04-10 18:06:12 +08:00
gjmzj cfa377db76 预装socat,修改apiserver reconciler使用lease模式 2018-04-08 09:39:59 +08:00
gjmzj 08d2d53925 修改calico日志warning级别,增加ubuntu安装conntrack,dashboard文档修订 2018-04-02 13:52:05 +08:00
gjmzj 1174d40cb8 efk日志持久化之静态PV 2018-04-01 12:50:01 +08:00
gjmzj 1e3a88d494 更新安装coredns的yaml配置和说明 2018-03-29 16:27:26 +08:00
gjmzj 566a374c99 minor changes 2018-03-29 09:24:04 +08:00
gjmzj 99ea4b1144 update k8s 1.9.6 && minor fix 2018-03-28 17:59:26 +08:00
gjmzj 84b46057a7 更新等待node状态Ready脚本 2018-03-25 18:28:49 +08:00
gjmzj 825a241ed3 修改判断证书是否存在的方式 2018-03-24 09:25:20 +08:00
gjmzj b33ab0eea2 优化等待kubelet启动bootstrap机制 2018-03-22 22:41:43 +08:00
gjmzj 65f0d5e30b update k8s1.9.4 & minor fix 2018-03-19 14:37:43 +08:00
gjmzj 160f9b2a2d 更新添加master节点步骤和文档 2018-03-18 22:51:05 +08:00
gjmzj 7563af41a9 安装步骤文档更新 2018-03-18 18:25:38 +08:00
gjmzj 78512c6590
Merge pull request #135 from panhongyin/master
修复selinux配置BUG,添加kubectl自动补全,添加SSHKEY复制脚本
2018-03-16 18:30:04 +08:00
gjmzj b51f722202 优化安装流程,修复多主模式dashboard访问bug 2018-03-16 18:23:34 +08:00
panhongyin 053d2a0935 1: 添加实用工具集目录tools
2: 添加sshkey自动复制脚本,方便ansible的使用
3:添加kubectl自动补全配置
4:修复CentOS系统下selinux配置BUG
2018-03-16 17:52:02 +08:00
panhongyin 182b082518 1: 删除NODE_ID主机变量,改成使用ansible的run_once运行单节点任务
2:在keepalived模板中添加24位子网掩码
3:添加等待master节点服务启动完成检测任务
4:添加kubectl create之前的检测任务,避免重复操作时报错
2018-03-14 16:53:21 +08:00
jmgao 92afc3ba34 增加配置keepalived参数:virtual_router_id 2018-03-09 22:29:39 +08:00
jmgao e4685e5fa4 更新增加master节点的步骤和文档 2018-03-09 22:02:55 +08:00
jmgao b19600963d 允许忽略 br_netfilter 模块加载错误 2018-03-06 11:05:19 +08:00
jmgao ddb762f6c5 更新lb部分设置和文档 2018-03-02 15:16:40 +08:00
jmgao c3af702c7b update calico 3.0.3 2018-02-28 17:53:26 +08:00
jmgao dfbfaadaa2 minor changes 2018-02-25 12:30:15 +08:00
jmgao cd9d70060f update calico to 2.6.7 2018-02-25 10:34:32 +08:00
jmgao 6d3e2025ad 调整更新etcd不需要重新生成证书 2018-02-19 09:04:50 +08:00
jmgao 75097d5188 update k8s 1.9.3 2018-02-19 08:35:59 +08:00
lifeng c7957a9e50 haproxy代理设置超时时间为10分钟,避免进入容器过早退出 2018-02-07 10:25:21 +08:00
jmgao 61096e90ec 更新docker容器日志限制配置 2018-01-29 18:25:27 +08:00
jmgao 15a4ae943b update kubedns to 1.14.8 2018-01-27 13:54:12 +08:00
gjmzj cf7917aa1c
Revert "在k8s中,配置GPU节点" 2018-01-25 19:16:33 +08:00
unknown e7c530db59 add gpu node config 2018-01-22 10:02:13 +08:00
jmgao f94c78dc21 minor changes 2018-01-13 11:33:40 +08:00
tracybin 7611edcbdf 开启ipv4内核转发之前加载br_netfilter模块 2018-01-11 18:34:46 +08:00