mirror of
https://github.com/puppetmaster/typhoon.git
synced 2025-02-23 23:41:28 +01:00
804dfea0f9
* Generate TLS client certificates for `kube-scheduler` and `kube-controller-manager` with `system:kube-scheduler` and `system:kube-controller-manager` CNs * Template separate kubeconfigs for kube-scheduler and kube-controller manager (`scheduler.conf` and `controller-manager.conf`). Rename admin for clarity * Before v1.16.0, Typhoon scheduled a self-hosted control plane, which allowed the steady-state kube-scheduler and kube-controller-manager to use a scoped ServiceAccount. With a static pod control plane, separate CN TLS client certificates are the nearest equiv. * https://kubernetes.io/docs/setup/best-practices/certificates/ * Remove unused Kubelet certificate, TLS bootstrap is used instead
Typhoon 
Typhoon is a minimal and free Kubernetes distribution.
- Minimal, stable base Kubernetes distribution
- Declarative infrastructure and configuration
- Free (freedom and cost) and privacy-respecting
- Practical for labs, datacenters, and clouds
Typhoon distributes upstream Kubernetes, architectural conventions, and cluster addons, much like a GNU/Linux distribution provides the Linux kernel and userspace components.
Features 
- Kubernetes v1.19.4 (upstream)
- Single or multi-master, Calico or Cilium or flannel networking
- On-cluster etcd with TLS, RBAC-enabled, network policy
- Advanced features like snippets customization
- Ready for Ingress, Prometheus, Grafana, and other optional addons
Docs
Please see the official docs and the bare-metal tutorial.