Commit Graph

50 Commits (bbf4dc8c998127e59f1786f629deb132f1658442)

Author SHA1 Message Date
gjmzj aa869e17ff set kubelet authentication/authorization webhook 2018-10-06 10:21:04 +08:00
gjmzj 6b21f30ab9 调整安装步骤中kubectl的执行以适合公有云部署 2018-09-15 11:27:33 +08:00
gjmzj cdf778b6ab 取消 Node节点 Bootstrap机制 2018-09-11 20:46:46 +08:00
lusyoe 2b4d92a07a 添加kubelet根目录 2018-08-31 23:02:31 +08:00
gjmzj 30b6ebb59f fix 兼容ansible执行节点与deploy节点分离 2018-08-11 09:14:03 +08:00
lusyoe be08287672 支持deploy与ansible执行节点分离 2018-08-07 17:11:33 +08:00
gjmzj 5f07276ea2 废弃ansible hosts变量SERVICE_PROXY 2018-07-09 18:18:32 +08:00
gjmzj 2a916c0ad1 更新kube-proxy使用ipvs模式 2018-07-09 17:43:12 +08:00
gjmzj 6f201476bd 增加等待网络插件正常运行 2018-06-18 00:04:00 +08:00
gjmzj 2f65a8bba6 minor 脚本和文档更新 2018-06-15 10:52:59 +08:00
jmgao 931b2cf1b9 用inventory_hostname替换变量NODE_IP 2018-06-09 22:19:20 +08:00
gjmzj fe1e5a65a5 设置node roles 2018-05-22 15:57:44 +08:00
gjmzj 15bbc26d3f minor fix:等待node节点Ready 2018-05-20 23:18:53 +08:00
gjmzj 1fd8515711 增加master和node服务重启tags 2018-05-20 00:17:59 +08:00
gjmzj 58ccd3bc88 增加[可选]OS安全加固脚本 2018-05-19 22:40:41 +08:00
gjmzj a0d3ac6ec9 增加升级k8s时服务文件的更新 2018-05-17 23:07:01 +08:00
gjmzj 83bdcfd41a 修复kubelet匿名访问漏洞 2018-05-17 22:51:15 +08:00
spirit 6b6de7881e 修复kubelet安全策略 (#192)
https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
By default, requests to the kubelet’s HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.

To disable anonymous access and send 401 Unauthorized responses to unauthenticated requests:

start the kubelet with the --anonymous-auth=false flag
2018-05-17 22:31:54 +08:00
gjmzj 45b7fab60e 新增upgrade脚本 2018-05-11 11:07:14 +08:00
gjmzj afd667e2a3 更新pause镜像3.1,kube-dns 1.14.9 2018-04-24 23:06:57 +08:00
gjmzj 11974a4b14 minor fix 2018-04-10 18:58:10 +08:00
gjmzj 6eb58b175a 修复shell执行systemctl enable xx可能报错退出问题 2018-04-10 18:33:24 +08:00
gjmzj b176a8761d minor fix 2018-04-10 18:06:12 +08:00
gjmzj 99ea4b1144 update k8s 1.9.6 && minor fix 2018-03-28 17:59:26 +08:00
gjmzj 84b46057a7 更新等待node状态Ready脚本 2018-03-25 18:28:49 +08:00
gjmzj 825a241ed3 修改判断证书是否存在的方式 2018-03-24 09:25:20 +08:00
gjmzj b33ab0eea2 优化等待kubelet启动bootstrap机制 2018-03-22 22:41:43 +08:00
gjmzj b51f722202 优化安装流程,修复多主模式dashboard访问bug 2018-03-16 18:23:34 +08:00
panhongyin 182b082518 1: 删除NODE_ID主机变量,改成使用ansible的run_once运行单节点任务
2:在keepalived模板中添加24位子网掩码
3:添加等待master节点服务启动完成检测任务
4:添加kubectl create之前的检测任务,避免重复操作时报错
2018-03-14 16:53:21 +08:00
jmgao dfbfaadaa2 minor changes 2018-02-25 12:30:15 +08:00
gjmzj cf7917aa1c
Revert "在k8s中,配置GPU节点" 2018-01-25 19:16:33 +08:00
unknown e7c530db59 add gpu node config 2018-01-22 10:02:13 +08:00
jmgao d7c6b8a89e 更新安装步骤文档 2018-01-05 23:05:22 +08:00
jmgao 31dff09bf5 DaemonSet Flannel 网络插件 2018-01-04 22:50:09 +08:00
jmgao 4c1f7bceed 增加flannel网络支持 2018-01-02 22:12:51 +08:00
gjmzj 331bf56cb6 更新清理网络脚本 2017-12-31 10:25:56 +08:00
gjmzj 3e5b7f4a63 init flannel 2017-12-30 20:19:50 +08:00
DiamondYuan d70a958616 pause镜像地址 可配置 2017-12-19 17:46:34 +08:00
jmgao 6134c1ae2d 更新K8S v1.9.0 2017-12-19 10:27:49 +08:00
jmgao c1b5ac40a8 fix: kubelet启动选取cloud-provider问题 2017-12-12 17:01:11 +08:00
jmgao ec4a07f8ba bugfix: NetworkPolicy 跨节点失效问题 2017-12-06 11:14:22 +08:00
jmgao 9048ef00ba 设置kube-proxy参数--masquerade-all=false 2017-12-05 21:31:28 +08:00
jmgao 429bed5ce9 修改calico与访问etcd的证书 2017-12-04 20:20:17 +08:00
jmgao e8291088ed 增加等待kube-apiserver/kubelet启动延迟 2017-11-26 12:36:58 +08:00
jmgao 5f65b4c7f5 approve csr之前增加15s等待kubelet启动完成 2017-11-21 20:39:11 +08:00
jmgao 22d95cd779 修正一些 kubelet/apiserver启动参数 2017-11-21 11:27:06 +08:00
jmgao 0685f87fc1 fix bug in 95.clean.yml: cannot remove‘/var/run/docker/netns/default’: Device or resource busy 2017-11-12 16:17:50 +08:00
jmgao 253f109e47 更新90.setup.yml 95.clean.yml 2017-11-12 14:54:20 +08:00
jmgao 1907318028 add calico-kube-controllers 2017-11-12 09:16:20 +08:00
jmgao 3367d512ad k8s-calico initial commit 2017-11-11 19:14:21 +08:00