812a1adb49
Use a lower-privilege Kubelet kubeconfig in system:nodes
...
* Kubelets can use a lower-privilege TLS client certificate with
Org system:nodes and a binding to the system:node ClusterRole
* Admin kubeconfig's continue to belong to Org system:masters to
provide cluster-admin (available in assets/auth/kubeconfig or as
a Terraform output kubeconfig-admin)
* Remove bare-metal output variable kubeconfig
2019-01-05 13:08:56 -08:00
ed0b781296
Fix possible deadlock for provisioning bare-metal clusters
...
* Closes #235
2018-06-14 23:15:28 -07:00
de4d90750e
Use consistent naming of remote provision steps
2018-03-26 00:29:57 -07:00
43dc44623f
Fix the terraform fmt of configs
2017-10-16 01:32:25 -07:00
9ec8ec4afc
Secure copy etcd TLS credentials to controllers only
...
* Controllers receive etcd TLS credentials
* Controllers and workers receive a kubeconfig
2017-10-14 20:48:02 -07:00
7c046b6206
*: Fix Terraform fmt and comments
2017-09-17 21:43:00 -07:00
e19517d3df
Fix the terraform fmt of configs
2017-08-12 18:26:05 -07:00
efff7497eb
digital-ocean: Join name.dns_zone for controller domain
...
* Output the DNS FQDNs, IPv4 addresses, and IPv6 addresses
2017-07-29 12:47:47 -07:00
da596e06bb
Add bare-metal support for Container Linux with Matchbox
2017-07-24 23:24:12 -07:00
Dalton Hubble