Commit Graph

601 Commits (b278aa1ef4d428cdd87a0d6aaaf8e2b8a5e881e4)

Author SHA1 Message Date
TimeBye 7ff1d71ef3 [IMP]update kube-apiserver-v1.8 apiserver-count (#254) 2018-07-06 08:43:56 +08:00
gjmzj e695c7cbb1 fix: metrics-server允许的client cert问题 2018-07-05 15:46:42 +08:00
changealice 48f473b745 harbor点击tag界面出现\"发生未知错误,请稍后再试" (#250) 2018-07-04 16:15:21 +08:00
yuyicai 3cf84e9d0e fix #242: 添加CA有效期参数,设定CA有效期为15年(131400h) (#245) 2018-07-03 13:20:50 +08:00
gjmzj 4f82c79fa2 fix x509: subject with cn=system:node: is not in the allowed list: [aggregator] 2018-07-02 12:27:19 +08:00
gjmzj 369cc188b0 Merge branch 'dev' 2018-06-29 18:16:08 +08:00
gjmzj ae0f5b242f fix集成离线镜像安装脚本 2018-06-29 15:26:01 +08:00
lusyoe 4c0bd5c50a fix #239 harbor调整安装解压工具, 适配多系统 (#240) 2018-06-28 22:17:16 +08:00
gjmzj 62162c3802 update coredns 1.1.3 2018-06-28 17:38:43 +08:00
gjmzj 7699870ba4 更新集成其他k8s组件的离线安装 2018-06-28 10:52:20 +08:00
gjmzj 837b579c66 集成使用离线docker镜像安装网络插件 2018-06-26 21:06:52 +08:00
gjmzj 266238454a minor 文档更新 2018-06-23 12:42:02 +08:00
gjmzj 211ffb79a5 fix从0.1.0版本升级apiserver服务启动失败问题 2018-06-22 22:48:14 +08:00
gjmzj 465b79ca50 修改部分镜像拉取策略 2018-06-22 18:01:43 +08:00
gjmzj 7d66f66400 新增metrics-server、cluster-addon文档及相关文档更新 2018-06-19 21:45:17 +08:00
gjmzj 6f201476bd 增加等待网络插件正常运行 2018-06-18 00:04:00 +08:00
gjmzj 1b1e3a11fa 更新自动安装cluster-addon 2018-06-17 23:19:04 +08:00
gjmzj d66a5ef5ba fix aggregator proxy client cert issue 2018-06-17 13:07:57 +08:00
gjmzj 1b4864b669 metric server集成配置 2018-06-17 10:46:25 +08:00
gjmzj 2f65a8bba6 minor 脚本和文档更新 2018-06-15 10:52:59 +08:00
gjmzj deb9edeab8 更新kube-router相关文档及清除脚本 2018-06-14 23:34:03 +08:00
gjmzj 1d737f6477 更新kube-router with service-proxy 2018-06-14 21:38:39 +08:00
gjmzj 8d19b7f9d8 更新kube-router without service-proxy 2018-06-14 09:39:47 +08:00
jmgao 3911f1038e 修改manifests兼容k8s v1.8 2018-06-11 10:15:07 +08:00
jmgao e072b5359a 修改apiserver参数兼容安装 v1.8.x 2018-06-10 12:11:33 +08:00
gjmzj af872c8e7b 简化新增节点步骤 2018-06-10 08:32:34 +08:00
jmgao 9f172965ac bugfix:取消lb组变量设置 2018-06-10 00:16:20 +08:00
jmgao 82badc4f2e 取消lb组变量设置 2018-06-09 23:30:24 +08:00
jmgao 931b2cf1b9 用inventory_hostname替换变量NODE_IP 2018-06-09 22:19:20 +08:00
jmgao 2340b9f214 转移calico/flannel的配置到对应的roles目录 2018-06-09 17:57:17 +08:00
gjmzj e45a023985 update kube-dns 1.14.10 2018-06-08 23:29:58 +08:00
lu f45c0b333d harbor添加解压工具 2018-06-08 23:08:35 +08:00
lu 24639cc41c 升级harbor版本到1.5.1,调整安装路径为/data/harbor,修复安装解压问题 2018-06-08 23:08:35 +08:00
jmgao 2fd22815d2 minor:helm脚本更新 2018-05-31 23:12:14 +08:00
lusyoe 7da2a40bd8 helm添加国内repo url 2018-05-31 23:03:37 +08:00
jmgao f3b788a3e9 更新harbor脚本和文档 2018-05-31 23:01:54 +08:00
gjmzj 3295a2218c 更新升级集群文档 2018-05-29 16:11:18 +08:00
gjmzj af31805e07 更改os-harden为手动选择执行 2018-05-29 11:32:53 +08:00
gjmzj 54652adfa2 修改默认gather_facts: smart 2018-05-28 23:25:45 +08:00
gjmzj 29f0c4cd31 修复calico-controller多网卡问题 2018-05-27 11:08:55 +08:00
gjmzj 68ecb6a23d 更新helm默认rbac设置 2018-05-27 11:00:12 +08:00
gjmzj 2c6419a523 fix helm脚本与文档 2018-05-26 17:55:28 +08:00
lusyoe a000f40ea2 添加 helm 命令自动补全 2018-05-25 15:22:09 +08:00
gjmzj a7dd303fd2 增加修改AIO部署的系统IP的脚本和说明 2018-05-24 16:35:21 +08:00
lusyoe e659038ab7 添加CentOS epel仓库 (#200)
谢谢
2018-05-24 00:08:09 +08:00
gjmzj 58f91ed208 增加安全安装helm的ansible role 2018-05-23 13:54:41 +08:00
gjmzj fe1e5a65a5 设置node roles 2018-05-22 15:57:44 +08:00
gjmzj 15bbc26d3f minor fix:等待node节点Ready 2018-05-20 23:18:53 +08:00
gjmzj 1fd8515711 增加master和node服务重启tags 2018-05-20 00:17:59 +08:00
gjmzj 58ccd3bc88 增加[可选]OS安全加固脚本 2018-05-19 22:40:41 +08:00
gjmzj a0d3ac6ec9 增加升级k8s时服务文件的更新 2018-05-17 23:07:01 +08:00
gjmzj 83bdcfd41a 修复kubelet匿名访问漏洞 2018-05-17 22:51:15 +08:00
spirit 6b6de7881e 修复kubelet安全策略 (#192)
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
By default, requests to the kubelet’s HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.

To disable anonymous access and send 401 Unauthorized responses to unauthenticated requests:

start the kubelet with the --anonymous-auth=false flag
2018-05-17 22:31:54 +08:00
AEGQ a03fe10ee2 Update main.yml (#194)
永久关闭 selinux 失败。
2018-05-17 22:29:43 +08:00
gjmzj 45b7fab60e 新增upgrade脚本 2018-05-11 11:07:14 +08:00
jmgao 9a8a729e08 prepare release v1102-r1 2018-05-06 23:10:14 +08:00
gjmzj 2f3f9d023d minor fix 2018-05-06 09:08:09 +08:00
jmgao b7a7eef235 lineinfile替换shell sed 2018-05-04 22:11:08 +08:00
Antergone 193a376635 使用lineinfile替换sed 2018-05-04 15:27:46 +08:00
antergone 88ae1783ba
修复原有PATH被覆盖问题 2018-05-03 01:35:48 +08:00
gjmzj f955c23b2e 测试增加OS安全基线,FROM dev-sec/ansible-os-hardening 2018-05-01 10:16:11 +08:00
gjmzj afd667e2a3 更新pause镜像3.1,kube-dns 1.14.9 2018-04-24 23:06:57 +08:00
gjmzj 19cdcd7625 tiny fix in kube-flannel.yaml.j2 2018-04-19 08:48:44 +08:00
gjmzj f7c32c59f9 删除变量MASTER_PORT定义 2018-04-17 21:14:03 +08:00
gjmzj 44a3bb4072 fix:多网卡安装flannel问题 2018-04-17 21:02:44 +08:00
gjmzj 5fa1f880b0 更新basic-env-setup.sh使用说明 2018-04-16 21:03:52 +08:00
gjmzj 11974a4b14 minor fix 2018-04-10 18:58:10 +08:00
gjmzj 6eb58b175a 修复shell执行systemctl enable xx可能报错退出问题 2018-04-10 18:33:24 +08:00
gjmzj b176a8761d minor fix 2018-04-10 18:06:12 +08:00
gjmzj cfa377db76 预装socat,修改apiserver reconciler使用lease模式 2018-04-08 09:39:59 +08:00
gjmzj 08d2d53925 修改calico日志warning级别,增加ubuntu安装conntrack,dashboard文档修订 2018-04-02 13:52:05 +08:00
gjmzj 1174d40cb8 efk日志持久化之静态PV 2018-04-01 12:50:01 +08:00
gjmzj 1e3a88d494 更新安装coredns的yaml配置和说明 2018-03-29 16:27:26 +08:00
gjmzj 566a374c99 minor changes 2018-03-29 09:24:04 +08:00
gjmzj 99ea4b1144 update k8s 1.9.6 && minor fix 2018-03-28 17:59:26 +08:00
gjmzj 84b46057a7 更新等待node状态Ready脚本 2018-03-25 18:28:49 +08:00
gjmzj 825a241ed3 修改判断证书是否存在的方式 2018-03-24 09:25:20 +08:00
gjmzj b33ab0eea2 优化等待kubelet启动bootstrap机制 2018-03-22 22:41:43 +08:00
gjmzj 65f0d5e30b update k8s1.9.4 & minor fix 2018-03-19 14:37:43 +08:00
gjmzj 160f9b2a2d 更新添加master节点步骤和文档 2018-03-18 22:51:05 +08:00
gjmzj 7563af41a9 安装步骤文档更新 2018-03-18 18:25:38 +08:00
gjmzj 78512c6590
Merge pull request #135 from panhongyin/master
修复selinux配置BUG,添加kubectl自动补全,添加SSHKEY复制脚本
2018-03-16 18:30:04 +08:00
gjmzj b51f722202 优化安装流程,修复多主模式dashboard访问bug 2018-03-16 18:23:34 +08:00
panhongyin 053d2a0935 1: 添加实用工具集目录tools
2: 添加sshkey自动复制脚本,方便ansible的使用
3:添加kubectl自动补全配置
4:修复CentOS系统下selinux配置BUG
2018-03-16 17:52:02 +08:00
panhongyin 182b082518 1: 删除NODE_ID主机变量,改成使用ansible的run_once运行单节点任务
2:在keepalived模板中添加24位子网掩码
3:添加等待master节点服务启动完成检测任务
4:添加kubectl create之前的检测任务,避免重复操作时报错
2018-03-14 16:53:21 +08:00
jmgao 92afc3ba34 增加配置keepalived参数:virtual_router_id 2018-03-09 22:29:39 +08:00
jmgao e4685e5fa4 更新增加master节点的步骤和文档 2018-03-09 22:02:55 +08:00
jmgao b19600963d 允许忽略 br_netfilter 模块加载错误 2018-03-06 11:05:19 +08:00
jmgao ddb762f6c5 更新lb部分设置和文档 2018-03-02 15:16:40 +08:00
jmgao c3af702c7b update calico 3.0.3 2018-02-28 17:53:26 +08:00
jmgao dfbfaadaa2 minor changes 2018-02-25 12:30:15 +08:00
jmgao cd9d70060f update calico to 2.6.7 2018-02-25 10:34:32 +08:00
jmgao 6d3e2025ad 调整更新etcd不需要重新生成证书 2018-02-19 09:04:50 +08:00
jmgao 75097d5188 update k8s 1.9.3 2018-02-19 08:35:59 +08:00
lifeng c7957a9e50 haproxy代理设置超时时间为10分钟,避免进入容器过早退出 2018-02-07 10:25:21 +08:00
jmgao 61096e90ec 更新docker容器日志限制配置 2018-01-29 18:25:27 +08:00
jmgao 15a4ae943b update kubedns to 1.14.8 2018-01-27 13:54:12 +08:00
gjmzj cf7917aa1c
Revert "在k8s中,配置GPU节点" 2018-01-25 19:16:33 +08:00
unknown e7c530db59 add gpu node config 2018-01-22 10:02:13 +08:00
jmgao f94c78dc21 minor changes 2018-01-13 11:33:40 +08:00
tracybin 7611edcbdf 开启ipv4内核转发之前加载br_netfilter模块 2018-01-11 18:34:46 +08:00
jmgao 3b4f5879be fix 系统参数设置错误可忽略 2018-01-08 18:59:18 +08:00
jmgao d7c6b8a89e 更新安装步骤文档 2018-01-05 23:05:22 +08:00
jmgao 31dff09bf5 DaemonSet Flannel 网络插件 2018-01-04 22:50:09 +08:00
jmgao 3b0df004df DaemonSet Calico 网络插件 2018-01-04 22:00:34 +08:00
jmgao 4c1f7bceed 增加flannel网络支持 2018-01-02 22:12:51 +08:00
gjmzj 331bf56cb6 更新清理网络脚本 2017-12-31 10:25:56 +08:00
gjmzj 3e5b7f4a63 init flannel 2017-12-30 20:19:50 +08:00
jmgao 9615547f9d 修复calico多网卡IP选取问题 2017-12-29 18:48:39 +08:00
jmgao ad4ee94a11 修复1.9.0 kube-controller-manager默认参数HPA cpu利用率取不到问题 2017-12-28 20:32:51 +08:00
jmgao 470f0d4f29 调整部分系统参数 2017-12-28 14:34:04 +08:00
jmgao bd84affb6b 更新harbor文档 2017-12-25 22:01:44 +08:00
jmgao f697d49c86 增加harbor部署 2017-12-25 15:05:21 +08:00
DiamondYuan d70a958616 pause镜像地址 可配置 2017-12-19 17:46:34 +08:00
jmgao 6134c1ae2d 更新K8S v1.9.0 2017-12-19 10:27:49 +08:00
jmgao b3daae9c97 fix集群清理相关 2017-12-15 21:20:26 +08:00
jmgao 49993180fb minor fix in haproxy.service.j2 2017-12-15 20:30:15 +08:00
jmgao befa6ee59c minor fix 2017-12-15 20:22:31 +08:00
jmgao 321331286e 修复centos系统重启haproxy启动失败问题 2017-12-15 19:56:26 +08:00
jmgao 59d8ac5379 fix centos安装keepalived和haproxy问题 2017-12-15 19:14:39 +08:00
jmgao 1ba3b72539 关闭centos selinux 2017-12-15 17:27:56 +08:00
jmgao a37ce501e0 修复CentOS 下haproxy 工作目录 2017-12-15 16:26:37 +08:00
jmgao 5c2a151b2b 修复ansible条件判断可能失败问题 2017-12-15 10:25:32 +08:00
jmgao 0a343fb960 minor fix 2017-12-14 23:47:16 +08:00
jmgao f62454199f small fix 2017-12-14 23:18:57 +08:00
jmgao 2c8d59abcd 增加CentOS 7支持 2017-12-14 23:09:56 +08:00
jmgao c1b5ac40a8 fix: kubelet启动选取cloud-provider问题 2017-12-12 17:01:11 +08:00
jmgao 65c5102f0e minor fix 2017-12-11 11:06:00 +08:00
jmgao 30d1c86d81 fix集群安装的幂等性 2017-12-11 09:52:20 +08:00
jmgao 2d26c016ba 重命名roles/ca为roles/deploy, 更新 kubedns部署相关文件 2017-12-08 16:17:16 +08:00
jmgao ec4a07f8ba bugfix: NetworkPolicy 跨节点失效问题 2017-12-06 11:14:22 +08:00
jmgao 9048ef00ba 设置kube-proxy参数--masquerade-all=false 2017-12-05 21:31:28 +08:00
jmgao 4adf581ac2 minor changes 2017-12-05 09:59:56 +08:00
jmgao 429bed5ce9 修改calico与访问etcd的证书 2017-12-04 20:20:17 +08:00
jmgao 026674a799 更新06-安装kube-master节点.md 2017-12-03 16:26:33 +08:00
jmgao 11f83831fe 增加查询镜像tag的小工具,更新04-安装docker服务.md 2017-12-02 11:39:12 +08:00
jmgao d139608e72 minor changes 2017-11-30 22:44:45 +08:00
jmgao 2211e3aed9 更新02-安装etcd集群.md 2017-11-30 22:23:19 +08:00
jmgao 91358a9f65 更新#集群 MASTER IP, 需要负载均衡,一般为VIP地址 2017-11-30 15:01:24 +08:00
jmgao 7bf48d26d7 fix:清理iptables 2017-11-28 23:27:38 +08:00
jmgao e8291088ed 增加等待kube-apiserver/kubelet启动延迟 2017-11-26 12:36:58 +08:00
jmgao 25c49c9cf4 修正多主多节点集群部署脚本 2017-11-26 09:34:33 +08:00
jmgao b904133b13 cni-calico参数调整,minor changes 2017-11-25 21:31:00 +08:00
jmgao a850af10c4 增加calicoctl安装,默认关闭IP-in-IP 2017-11-22 12:34:51 +08:00
jmgao 5f65b4c7f5 approve csr之前增加15s等待kubelet启动完成 2017-11-21 20:39:11 +08:00
jmgao 22d95cd779 修正一些 kubelet/apiserver启动参数 2017-11-21 11:27:06 +08:00
jmgao 42b7cd782b 增加常用插件yaml配置 2017-11-21 09:01:24 +08:00
jmgao 0685f87fc1 fix bug in 95.clean.yml: cannot remove‘/var/run/docker/netns/default’: Device or resource busy 2017-11-12 16:17:50 +08:00
jmgao 253f109e47 更新90.setup.yml 95.clean.yml 2017-11-12 14:54:20 +08:00
jmgao 1907318028 add calico-kube-controllers 2017-11-12 09:16:20 +08:00
jmgao 3367d512ad k8s-calico initial commit 2017-11-11 19:14:21 +08:00