Enable Firewall on Node, Add Windows Firewall rules for required ports #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
robbiezhang
reviewed
Jun 5, 2017
parts/kuberneteswindowssetup.ps1
Outdated
| netsh advfirewall firewall add rule name="Container: Allow access to node localport 8080" dir=in action=allow protocol=TCP localport=8080 | ||
| netsh advfirewall firewall add rule name="Container: Allow access to node localport 8888" dir=in action=allow protocol=TCP localport=8888 | ||
| netsh advfirewall firewall add rule name="Container: Allow UDP inbound traffic for Container DNS Port 53" dir=in action=allow localport=53 protocol=UDP | ||
| netsh advfirewall firewall add rule name="Node: Allow only K8 Master to access localport 4194" dir=in action=allow protocol=TCP localport=4194 remoteip=`${global:MasterIP} |
There was a problem hiding this comment.
is the global:MasterIP internal IP or external?
There was a problem hiding this comment.
I believe their communication are through internal IPs. In this case, you need to think about supporting multiple master nodes, although cloud shell only use 1 master node now.
There was a problem hiding this comment.
@robbiezhang To test the firewall rules, I used the Master's well known private IP [10.240.255.5], since this is a well known acs-engine constant.
So yes, this is internal.
Looking at the script [line 190], the global variable is set to the script parameter value.
What other changes need to happen to support multiple master nodes? I don't see any reference to this in the codebase
There was a problem hiding this comment.
Multi-master is an ACS-Engine feature. It will introduce a LoadBalancer for the master nodes. The IP address for the LB is 10.240.255.15. However, there is no such LB in the single master node cluster. So the outbound IP address is the node address (10.240.255.5). Do you know how this script handle this?
There was a problem hiding this comment.
Multi-Master must be handled in this script. Anthony's team owns this, I believe.
For now, the windows script is being called from the engine's go template:
https://github.com/Azure/acs-engine/blob/d3059c436d30bdc196d76cda27b1f051719316e7/pkg/acsengine/engine.go#L663
There was a problem hiding this comment.
The script is executed as part of VM extensions and the parameters passed to it are in kuberneteswinagentresourcesvmas.t. MasterIP is variables('kubernetesAPIServerIP')
There was a problem hiding this comment.
@colemickens Could you please take a look at port allowed?
robbiezhang
approved these changes
Jun 5, 2017
JiangtianLi
reviewed
Jun 7, 2017
parts/kuberneteswindowssetup.ps1
Outdated
| @@ -201,8 +201,17 @@ Get-PodGateway(`$podCIDR) | |||
| function | |||
| Set-DockerNetwork(`$podCIDR) | |||
| { | |||
| # Turn off Firewall to enable pods to talk to service endpoints. (Kubelet should eventually do this) | |||
| netsh advfirewall set allprofiles state off | |||
| # Windows Firewall rules to allow only Master to access Node's kubelet ports | |||
There was a problem hiding this comment.
Are these rules only for powershell console workloads and this PR is not going to be merged into master branch, right?
There was a problem hiding this comment.
@JiangtianLi The rules are not just for PSCloudShell - but there are no other workloads on the windows nodes. We want to lockdown the Windows nodes by allowing only master to communicate with Kubelet ports and allowing PSCloudShell websocket connections.
Additional windows customers can add their own exceptions as they are onboarded.
We want the firewall feature to be in PROD. Will the release to PROD happen from Master OR Migration branch?
parts/kuberneteswindowssetup.ps1
Outdated
| netsh advfirewall firewall add rule name="Container: Allow access to node localport 8080" dir=in action=allow protocol=TCP localport=8080 | ||
| netsh advfirewall firewall add rule name="Container: Allow access to node localport 8888" dir=in action=allow protocol=TCP localport=8888 | ||
| netsh advfirewall firewall add rule name="Container: Allow UDP inbound traffic for Container DNS Port 53" dir=in action=allow localport=53 protocol=UDP | ||
| netsh advfirewall firewall add rule name="Node: Allow only K8 Master to access localport 4194" dir=in action=allow protocol=TCP localport=4194 remoteip=`${global:MasterIP} |
There was a problem hiding this comment.
The script is executed as part of VM extensions and the parameters passed to it are in kuberneteswinagentresourcesvmas.t. MasterIP is variables('kubernetesAPIServerIP')
| netsh advfirewall firewall add rule name="Node: Allow only K8 Master to access localport 10255" dir=in action=allow protocol=TCP localport=10255 remoteip=`${global:MasterIP} | ||
|
|
||
| # Turn-on the firewall since we have allowed access to required ports | ||
| netsh advfirewall set allprofiles state on |
There was a problem hiding this comment.
We explicitly turn off firewall for allprofiles in Set-DockerNetwork. I think it should be ON already but I can't guarantee. Anyway, it doesn't hurt to turn it on.
There was a problem hiding this comment.
Correct, after adding firewall rules it is better to turn on the firewall for all profiles
JiangtianLi
reviewed
Jun 9, 2017
parts/kuberneteswindowssetup.ps1
Outdated
| netsh advfirewall firewall add rule name="Container: Allow access to node localport 8080" dir=in action=allow protocol=TCP localport=8080 | ||
| netsh advfirewall firewall add rule name="Container: Allow access to node localport 8888" dir=in action=allow protocol=TCP localport=8888 | ||
| netsh advfirewall firewall add rule name="Container: Allow UDP inbound traffic for Container DNS Port 53" dir=in action=allow localport=53 protocol=UDP | ||
| netsh advfirewall firewall add rule name="Node: Allow only K8 Master to access localport 4194" dir=in action=allow protocol=TCP localport=4194 remoteip=`${global:MasterIP} |
There was a problem hiding this comment.
@raghushantha Could you add comment for the port allowed? How do the rules allow web service on port 80 or other service on custom port?
There was a problem hiding this comment.
Will add comments in the script to explain each rule. I thought the rule names are self-explanatory -:).
We only allow websocket connections to be made to PSCloudShell (8080/8888). No other customer's ports are allowed. Also, since this is a first party service, any other customer using the Windows kube nodes need to bring in their own rules. This change will lock down the nodes for PSCloudShell.
There was a problem hiding this comment.
Thanks. Specifically please comment what each port is used for. (53 is obvious though).
resource group deployment parser does not like these chars in the comment section
JiangtianLi
approved these changes
Jun 14, 2017
|
Fix has been verified with a DF cluster deployment. fyi |
|
@raghushantha Thanks. Have you gone through sanity test with k8s windows example workload? |
|
@JiangtianLi We verified using PSCloudShell workload. This is similar to https://github.com/Azure/acs-engine/blob/master/docs/kubernetes.windows.md. Basically we ensured that traffic flows from webbrowser to the frontend and then to the container websockets. |
|
@raghushantha Please verify k8s windows example workload since they use different port - just in case. |
|
@JiangtianLi Verified simpleweb and hybrid scenarios as outlined in https://github.com/Azure/acs-engine/blob/master/docs/kubernetes.windows.md |
|
looks good to me! |
robbiezhang
approved these changes
Jun 15, 2017
wenwu449
added a commit
that referenced
this pull request
Feb 13, 2018
commit 203efbf Author: Jiangtian Li <JiangtianLi@users.noreply.github.com> Date: Fri Jan 19 09:07:14 2018 -0800 Extend windows os drive size when customized OSDiskSizeGB is used (Azure#2097) commit 88ec2fb Author: Robbie Zhang <junjiez@microsoft.com> Date: Thu Jan 11 13:49:44 2018 -0800 Update the kube-dns addon commit 217ad8d Merge: 530bedb d8856c8 Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Jan 8 16:22:56 2018 -0800 Merge remote-tracking branch 'origin/migration' into migration commit d8856c8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jan 5 15:39:28 2018 -0800 Remove the Allow SSH and RDP Rules from NSG commit 530bedb Merge: f3389a6 5070934 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Jan 5 15:38:54 2018 -0800 Merge tag 'v0.9.4' into migration commit f3389a6 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Dec 15 11:11:13 2017 -0800 remove agent customscript and service file (#13) * remove agent specific custom script and service file. * remove cloud provider from windows start ps1 commit c2eda57 Merge: 8ef4f2b 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:05:13 2017 -0800 Merge commit '004145cba163' into migration commit 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:03:36 2017 -0800 fix merge error: azure storage classes yaml commit 8ef4f2b Merge: adbc1cf bd006fc Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Nov 27 18:24:06 2017 -0800 Merge tag 'v0.9.3' into migration commit adbc1cf Merge: f8da501 7957245 Author: Wenjun Wu <wenjun.wu@live.com> Date: Wed Oct 25 14:36:24 2017 -0700 Merge tag 'v0.8.0' into migration commit f8da501 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:38:00 2017 -0700 Disable Windows Update commit ac83868 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:37:36 2017 -0700 Use kubelet v1.6.6.1 for Windows agent commit 5424f14 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:36:47 2017 -0700 Set master AvailabilitySet FaultDomainCount and UpdateDomainCount to 1 commit 5b1fbb0 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Aug 15 12:23:41 2017 -0700 Enable StorageAccount Encryption and Enforce HTTPS commit 12fd01d Author: Harry He <zhedahht@hotmail.com> Date: Fri Jul 7 10:16:03 2017 -0700 Remove Resource Requests from kube-proxy (#5) Previously kube-proxy requested 100m CPU. It prevented containers requesting 1 CPU from being deployed onto nodes with 1 CPU, because there is only 900m CPU left. This change remove resource requests from kube-proxy. commit 5241639 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 14:23:32 2017 -0700 Set the default CloudProvider backoff values commit 549a4c2 Merge: 0506730 8a47cbd Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 16:14:12 2017 -0700 Merge with v0.3.0 commit 0506730 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 13:01:18 2017 -0700 Disable Automatic Windows Update commit 8eb8afe Merge: 639e36a fb09cdf Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 12:07:03 2017 -0700 Merge from upstream release v0.2.0 commit 639e36a Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jul 3 11:05:10 2017 -0700 Remove azure.json from Windows Agent commit c9d0704 Merge: bae0a8b 579e8b8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jun 19 10:13:37 2017 -0700 Merge tag 'v0.1.2' into migration commit bae0a8b Author: Raghu Shantha [MSFT] <raghus@microsoft.com> Date: Thu Jun 15 11:36:03 2017 -0700 Enable Firewall on Node, Add Windows Firewall rules for required ports (#2) * Enable Firewall on Node, Add Windows Firewall rules for required ports * Added comments for firewall rules * Allow all traffic; lockdown kubectl Node ports to Master only * Remove & and single quote in comment section resource group deployment parser does not like these chars in the comment section commit af24ad6 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Jun 6 18:20:40 2017 -0700 Enable RBAC on APIServer commit e648d3d Merge: 380bc58 cc95f47 Author: Robbie Zhang <junjiez@microsoft.com> Date: Wed May 24 11:01:11 2017 -0700 Merge branch 'master' into migration commit 380bc58 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon May 15 11:39:43 2017 -0700 Fix: add the size map for F1 commit e64b446 Merge: 87c56c3 253dd41 Author: Wenjun Wu <wenjun.wu@live.com> Date: Sun May 14 15:47:20 2017 -0700 Merge branch 'master' into migration commit 87c56c3 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Apr 14 12:55:21 2017 -0700 Private Commit for Azure Console Shell Remove SPN secrets from agent node Remove the Kube Dashboard and Heapster Addons Add agentpool label on the agent nodes Use static IP address for system and agentpool1
wenwu449
added a commit
that referenced
this pull request
Mar 8, 2018
commit 203efbf Author: Jiangtian Li <JiangtianLi@users.noreply.github.com> Date: Fri Jan 19 09:07:14 2018 -0800 Extend windows os drive size when customized OSDiskSizeGB is used (Azure#2097) commit 88ec2fb Author: Robbie Zhang <junjiez@microsoft.com> Date: Thu Jan 11 13:49:44 2018 -0800 Update the kube-dns addon commit 217ad8d Merge: 530bedb d8856c8 Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Jan 8 16:22:56 2018 -0800 Merge remote-tracking branch 'origin/migration' into migration commit d8856c8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jan 5 15:39:28 2018 -0800 Remove the Allow SSH and RDP Rules from NSG commit 530bedb Merge: f3389a6 5070934 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Jan 5 15:38:54 2018 -0800 Merge tag 'v0.9.4' into migration commit f3389a6 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Dec 15 11:11:13 2017 -0800 remove agent customscript and service file (#13) * remove agent specific custom script and service file. * remove cloud provider from windows start ps1 commit c2eda57 Merge: 8ef4f2b 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:05:13 2017 -0800 Merge commit '004145cba163' into migration commit 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:03:36 2017 -0800 fix merge error: azure storage classes yaml commit 8ef4f2b Merge: adbc1cf bd006fc Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Nov 27 18:24:06 2017 -0800 Merge tag 'v0.9.3' into migration commit adbc1cf Merge: f8da501 7957245 Author: Wenjun Wu <wenjun.wu@live.com> Date: Wed Oct 25 14:36:24 2017 -0700 Merge tag 'v0.8.0' into migration commit f8da501 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:38:00 2017 -0700 Disable Windows Update commit ac83868 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:37:36 2017 -0700 Use kubelet v1.6.6.1 for Windows agent commit 5424f14 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:36:47 2017 -0700 Set master AvailabilitySet FaultDomainCount and UpdateDomainCount to 1 commit 5b1fbb0 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Aug 15 12:23:41 2017 -0700 Enable StorageAccount Encryption and Enforce HTTPS commit 12fd01d Author: Harry He <zhedahht@hotmail.com> Date: Fri Jul 7 10:16:03 2017 -0700 Remove Resource Requests from kube-proxy (#5) Previously kube-proxy requested 100m CPU. It prevented containers requesting 1 CPU from being deployed onto nodes with 1 CPU, because there is only 900m CPU left. This change remove resource requests from kube-proxy. commit 5241639 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 14:23:32 2017 -0700 Set the default CloudProvider backoff values commit 549a4c2 Merge: 0506730 8a47cbd Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 16:14:12 2017 -0700 Merge with v0.3.0 commit 0506730 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 13:01:18 2017 -0700 Disable Automatic Windows Update commit 8eb8afe Merge: 639e36a fb09cdf Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 12:07:03 2017 -0700 Merge from upstream release v0.2.0 commit 639e36a Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jul 3 11:05:10 2017 -0700 Remove azure.json from Windows Agent commit c9d0704 Merge: bae0a8b 579e8b8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jun 19 10:13:37 2017 -0700 Merge tag 'v0.1.2' into migration commit bae0a8b Author: Raghu Shantha [MSFT] <raghus@microsoft.com> Date: Thu Jun 15 11:36:03 2017 -0700 Enable Firewall on Node, Add Windows Firewall rules for required ports (#2) * Enable Firewall on Node, Add Windows Firewall rules for required ports * Added comments for firewall rules * Allow all traffic; lockdown kubectl Node ports to Master only * Remove & and single quote in comment section resource group deployment parser does not like these chars in the comment section commit af24ad6 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Jun 6 18:20:40 2017 -0700 Enable RBAC on APIServer commit e648d3d Merge: 380bc58 cc95f47 Author: Robbie Zhang <junjiez@microsoft.com> Date: Wed May 24 11:01:11 2017 -0700 Merge branch 'master' into migration commit 380bc58 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon May 15 11:39:43 2017 -0700 Fix: add the size map for F1 commit e64b446 Merge: 87c56c3 253dd41 Author: Wenjun Wu <wenjun.wu@live.com> Date: Sun May 14 15:47:20 2017 -0700 Merge branch 'master' into migration commit 87c56c3 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Apr 14 12:55:21 2017 -0700 Private Commit for Azure Console Shell Remove SPN secrets from agent node Remove the Kube Dashboard and Heapster Addons Add agentpool label on the agent nodes Use static IP address for system and agentpool1
wenwu449
added a commit
that referenced
this pull request
Mar 27, 2018
commit d0ebb9e Author: chshou <shou3301@outlook.com> Date: Mon Mar 26 18:06:57 2018 -0700 Fix merge errors (#22) * move sed to kubelet.sh, remove unnecessary exit 0 (Azure#2520) * move sed to kubelet.sh, remove unnecessary exit 0 * circleci bump * circleci bump * fix merge errors and deployment succeeded * added example * sanitize example commit 5639dce Merge: 1294a58 89f4b2e Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Mar 26 17:51:08 2018 -0700 Merge pull request #21 from yolo3301/mig-merge Merge from upstream commit 89f4b2e Merge: 375d0c0 1294a58 Author: chshou <shou3301@outlook.com> Date: Mon Mar 26 16:03:30 2018 -0700 fix merge error commit 1294a58 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Mar 16 18:13:44 2018 -0700 skip create initial role binding due to bulit-in RBAC support. (#19) commit 375d0c0 Merge: 295461d 7d91a71 Author: chshou <shou3301@outlook.com> Date: Fri Mar 9 12:09:00 2018 -0800 resolve conflicts commit 7d91a71 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Mar 9 11:29:11 2018 -0800 disable heapster config (#18) commit 295461d Author: chshou <shou3301@outlook.com> Date: Thu Mar 8 18:23:57 2018 -0800 remove more unnecessary commit 87f7746 Author: chshou <shou3301@outlook.com> Date: Thu Mar 8 17:55:42 2018 -0800 remove unnecessary commit ae0caf8 Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 17:53:45 2018 -0800 fix 2 more missed error commit efa144e Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 17:32:09 2018 -0800 a miss commit 8d96a93 Merge: fd2a409 e3587cb Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 16:54:22 2018 -0800 merged from upstream master commit fd2a409 Author: Jess Frazelle <jessfraz@users.noreply.github.com> Date: Tue Jan 16 23:49:48 2018 -0500 k8s/script: allow parallelizing custom script without clear-containers (Azure#2067) Signed-off-by: Jess Frazelle <acidburn@microsoft.com> (cherry picked from commit cdd2832) Signed-off-by: Jess Frazelle <acidburn@microsoft.com> commit 1e10c0d Author: Jess Frazelle <jessfraz@users.noreply.github.com> Date: Tue Jan 16 19:09:32 2018 -0500 clear containers (Azure#1945) * clear-containers: add runtime to api and pass through parameters Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add scripts Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add example Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: fix variables Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add docs Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update install script Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: fix script Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update example Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update features docs Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: make test linters happy Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * setKubeletOpts to work better with kubeconfig Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * whitespace cruft * more whitespace fun (cherry picked from commit 8bd7c2c) commit fa3d6ff Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Feb 12 19:24:35 2018 -0800 Squashed commit of the following: commit 203efbf Author: Jiangtian Li <JiangtianLi@users.noreply.github.com> Date: Fri Jan 19 09:07:14 2018 -0800 Extend windows os drive size when customized OSDiskSizeGB is used (Azure#2097) commit 88ec2fb Author: Robbie Zhang <junjiez@microsoft.com> Date: Thu Jan 11 13:49:44 2018 -0800 Update the kube-dns addon commit 217ad8d Merge: 530bedb d8856c8 Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Jan 8 16:22:56 2018 -0800 Merge remote-tracking branch 'origin/migration' into migration commit d8856c8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jan 5 15:39:28 2018 -0800 Remove the Allow SSH and RDP Rules from NSG commit 530bedb Merge: f3389a6 5070934 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Jan 5 15:38:54 2018 -0800 Merge tag 'v0.9.4' into migration commit f3389a6 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Dec 15 11:11:13 2017 -0800 remove agent customscript and service file (#13) * remove agent specific custom script and service file. * remove cloud provider from windows start ps1 commit c2eda57 Merge: 8ef4f2b 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:05:13 2017 -0800 Merge commit '004145cba163' into migration commit 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:03:36 2017 -0800 fix merge error: azure storage classes yaml commit 8ef4f2b Merge: adbc1cf bd006fc Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Nov 27 18:24:06 2017 -0800 Merge tag 'v0.9.3' into migration commit adbc1cf Merge: f8da501 7957245 Author: Wenjun Wu <wenjun.wu@live.com> Date: Wed Oct 25 14:36:24 2017 -0700 Merge tag 'v0.8.0' into migration commit f8da501 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:38:00 2017 -0700 Disable Windows Update commit ac83868 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:37:36 2017 -0700 Use kubelet v1.6.6.1 for Windows agent commit 5424f14 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:36:47 2017 -0700 Set master AvailabilitySet FaultDomainCount and UpdateDomainCount to 1 commit 5b1fbb0 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Aug 15 12:23:41 2017 -0700 Enable StorageAccount Encryption and Enforce HTTPS commit 12fd01d Author: Harry He <zhedahht@hotmail.com> Date: Fri Jul 7 10:16:03 2017 -0700 Remove Resource Requests from kube-proxy (#5) Previously kube-proxy requested 100m CPU. It prevented containers requesting 1 CPU from being deployed onto nodes with 1 CPU, because there is only 900m CPU left. This change remove resource requests from kube-proxy. commit 5241639 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 14:23:32 2017 -0700 Set the default CloudProvider backoff values commit 549a4c2 Merge: 0506730 8a47cbd Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 16:14:12 2017 -0700 Merge with v0.3.0 commit 0506730 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 13:01:18 2017 -0700 Disable Automatic Windows Update commit 8eb8afe Merge: 639e36a fb09cdf Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 12:07:03 2017 -0700 Merge from upstream release v0.2.0 commit 639e36a Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jul 3 11:05:10 2017 -0700 Remove azure.json from Windows Agent commit c9d0704 Merge: bae0a8b 579e8b8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jun 19 10:13:37 2017 -0700 Merge tag 'v0.1.2' into migration commit bae0a8b Author: Raghu Shantha [MSFT] <raghus@microsoft.com> Date: Thu Jun 15 11:36:03 2017 -0700 Enable Firewall on Node, Add Windows Firewall rules for required ports (#2) * Enable Firewall on Node, Add Windows Firewall rules for required ports * Added comments for firewall rules * Allow all traffic; lockdown kubectl Node ports to Master only * Remove & and single quote in comment section resource group deployment parser does not like these chars in the comment section commit af24ad6 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Jun 6 18:20:40 2017 -0700 Enable RBAC on APIServer commit e648d3d Merge: 380bc58 cc95f47 Author: Robbie Zhang <junjiez@microsoft.com> Date: Wed May 24 11:01:11 2017 -0700 Merge branch 'master' into migration commit 380bc58 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon May 15 11:39:43 2017 -0700 Fix: add the size map for F1 commit e64b446 Merge: 87c56c3 253dd41 Author: Wenjun Wu <wenjun.wu@live.com> Date: Sun May 14 15:47:20 2017 -0700 Merge branch 'master' into migration commit 87c56c3 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Apr 14 12:55:21 2017 -0700 Private Commit for Azure Console Shell Remove SPN secrets from agent node Remove the Kube Dashboard and Heapster Addons Add agentpool label on the agent nodes Use static IP address for system and agentpool1 commit 9fa6a69 Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 17:07:00 2018 -0800 for loop and --retry-connrefused not avail commit 0dda4bb Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 16:44:47 2018 -0800 retry etcd download commit bb4b9bc Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 15:37:34 2018 -0800 addresses etcd startup race condition commit 2f1bfe6 Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 15:25:33 2018 -0800 cloud-init does not respect {1..5} expression commit 069d9e4 Author: CecileRobertMichon <cerobert@microsoft.com> Date: Mon Jan 22 11:41:38 2018 -0800 Add fix to upgrade backwards compatibility commit 030e5dc Author: Jack Francis <jack.francis@microsoft.com> Date: Mon Jan 22 10:42:35 2018 -0800 add support for Kubernetes v1.8.7 commit 7d19218 Author: Jack Francis <jack.francis@microsoft.com> Date: Fri Jan 19 12:31:12 2018 -0800 lint commit 9ed1610 Author: Jack Francis <jack.francis@microsoft.com> Date: Fri Jan 19 12:26:58 2018 -0800 restore properties to KubernetesConfig commit 93589b4 Author: Jack Francis <jack.francis@microsoft.com> Date: Thu Jan 18 11:48:11 2018 -0800 re-enable read-only port on kubelet fixes heapster connection issues
wenwu449
added a commit
that referenced
this pull request
Apr 23, 2018
commit d0ebb9e Author: chshou <shou3301@outlook.com> Date: Mon Mar 26 18:06:57 2018 -0700 Fix merge errors (#22) * move sed to kubelet.sh, remove unnecessary exit 0 (Azure#2520) * move sed to kubelet.sh, remove unnecessary exit 0 * circleci bump * circleci bump * fix merge errors and deployment succeeded * added example * sanitize example commit 5639dce Merge: 1294a58 89f4b2e Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Mar 26 17:51:08 2018 -0700 Merge pull request #21 from yolo3301/mig-merge Merge from upstream commit 89f4b2e Merge: 375d0c0 1294a58 Author: chshou <shou3301@outlook.com> Date: Mon Mar 26 16:03:30 2018 -0700 fix merge error commit 1294a58 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Mar 16 18:13:44 2018 -0700 skip create initial role binding due to bulit-in RBAC support. (#19) commit 375d0c0 Merge: 295461d 7d91a71 Author: chshou <shou3301@outlook.com> Date: Fri Mar 9 12:09:00 2018 -0800 resolve conflicts commit 7d91a71 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Mar 9 11:29:11 2018 -0800 disable heapster config (#18) commit 295461d Author: chshou <shou3301@outlook.com> Date: Thu Mar 8 18:23:57 2018 -0800 remove more unnecessary commit 87f7746 Author: chshou <shou3301@outlook.com> Date: Thu Mar 8 17:55:42 2018 -0800 remove unnecessary commit ae0caf8 Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 17:53:45 2018 -0800 fix 2 more missed error commit efa144e Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 17:32:09 2018 -0800 a miss commit 8d96a93 Merge: fd2a409 e3587cb Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 16:54:22 2018 -0800 merged from upstream master commit fd2a409 Author: Jess Frazelle <jessfraz@users.noreply.github.com> Date: Tue Jan 16 23:49:48 2018 -0500 k8s/script: allow parallelizing custom script without clear-containers (Azure#2067) Signed-off-by: Jess Frazelle <acidburn@microsoft.com> (cherry picked from commit cdd2832) Signed-off-by: Jess Frazelle <acidburn@microsoft.com> commit 1e10c0d Author: Jess Frazelle <jessfraz@users.noreply.github.com> Date: Tue Jan 16 19:09:32 2018 -0500 clear containers (Azure#1945) * clear-containers: add runtime to api and pass through parameters Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add scripts Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add example Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: fix variables Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add docs Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update install script Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: fix script Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update example Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update features docs Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: make test linters happy Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * setKubeletOpts to work better with kubeconfig Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * whitespace cruft * more whitespace fun (cherry picked from commit 8bd7c2c) commit fa3d6ff Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Feb 12 19:24:35 2018 -0800 Squashed commit of the following: commit 203efbf Author: Jiangtian Li <JiangtianLi@users.noreply.github.com> Date: Fri Jan 19 09:07:14 2018 -0800 Extend windows os drive size when customized OSDiskSizeGB is used (Azure#2097) commit 88ec2fb Author: Robbie Zhang <junjiez@microsoft.com> Date: Thu Jan 11 13:49:44 2018 -0800 Update the kube-dns addon commit 217ad8d Merge: 530bedb d8856c8 Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Jan 8 16:22:56 2018 -0800 Merge remote-tracking branch 'origin/migration' into migration commit d8856c8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jan 5 15:39:28 2018 -0800 Remove the Allow SSH and RDP Rules from NSG commit 530bedb Merge: f3389a6 5070934 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Jan 5 15:38:54 2018 -0800 Merge tag 'v0.9.4' into migration commit f3389a6 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Dec 15 11:11:13 2017 -0800 remove agent customscript and service file (#13) * remove agent specific custom script and service file. * remove cloud provider from windows start ps1 commit c2eda57 Merge: 8ef4f2b 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:05:13 2017 -0800 Merge commit '004145cba163' into migration commit 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:03:36 2017 -0800 fix merge error: azure storage classes yaml commit 8ef4f2b Merge: adbc1cf bd006fc Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Nov 27 18:24:06 2017 -0800 Merge tag 'v0.9.3' into migration commit adbc1cf Merge: f8da501 7957245 Author: Wenjun Wu <wenjun.wu@live.com> Date: Wed Oct 25 14:36:24 2017 -0700 Merge tag 'v0.8.0' into migration commit f8da501 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:38:00 2017 -0700 Disable Windows Update commit ac83868 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:37:36 2017 -0700 Use kubelet v1.6.6.1 for Windows agent commit 5424f14 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:36:47 2017 -0700 Set master AvailabilitySet FaultDomainCount and UpdateDomainCount to 1 commit 5b1fbb0 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Aug 15 12:23:41 2017 -0700 Enable StorageAccount Encryption and Enforce HTTPS commit 12fd01d Author: Harry He <zhedahht@hotmail.com> Date: Fri Jul 7 10:16:03 2017 -0700 Remove Resource Requests from kube-proxy (#5) Previously kube-proxy requested 100m CPU. It prevented containers requesting 1 CPU from being deployed onto nodes with 1 CPU, because there is only 900m CPU left. This change remove resource requests from kube-proxy. commit 5241639 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 14:23:32 2017 -0700 Set the default CloudProvider backoff values commit 549a4c2 Merge: 0506730 8a47cbd Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 16:14:12 2017 -0700 Merge with v0.3.0 commit 0506730 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 13:01:18 2017 -0700 Disable Automatic Windows Update commit 8eb8afe Merge: 639e36a fb09cdf Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 12:07:03 2017 -0700 Merge from upstream release v0.2.0 commit 639e36a Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jul 3 11:05:10 2017 -0700 Remove azure.json from Windows Agent commit c9d0704 Merge: bae0a8b 579e8b8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jun 19 10:13:37 2017 -0700 Merge tag 'v0.1.2' into migration commit bae0a8b Author: Raghu Shantha [MSFT] <raghus@microsoft.com> Date: Thu Jun 15 11:36:03 2017 -0700 Enable Firewall on Node, Add Windows Firewall rules for required ports (#2) * Enable Firewall on Node, Add Windows Firewall rules for required ports * Added comments for firewall rules * Allow all traffic; lockdown kubectl Node ports to Master only * Remove & and single quote in comment section resource group deployment parser does not like these chars in the comment section commit af24ad6 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Jun 6 18:20:40 2017 -0700 Enable RBAC on APIServer commit e648d3d Merge: 380bc58 cc95f47 Author: Robbie Zhang <junjiez@microsoft.com> Date: Wed May 24 11:01:11 2017 -0700 Merge branch 'master' into migration commit 380bc58 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon May 15 11:39:43 2017 -0700 Fix: add the size map for F1 commit e64b446 Merge: 87c56c3 253dd41 Author: Wenjun Wu <wenjun.wu@live.com> Date: Sun May 14 15:47:20 2017 -0700 Merge branch 'master' into migration commit 87c56c3 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Apr 14 12:55:21 2017 -0700 Private Commit for Azure Console Shell Remove SPN secrets from agent node Remove the Kube Dashboard and Heapster Addons Add agentpool label on the agent nodes Use static IP address for system and agentpool1 commit 9fa6a69 Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 17:07:00 2018 -0800 for loop and --retry-connrefused not avail commit 0dda4bb Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 16:44:47 2018 -0800 retry etcd download commit bb4b9bc Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 15:37:34 2018 -0800 addresses etcd startup race condition commit 2f1bfe6 Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 15:25:33 2018 -0800 cloud-init does not respect {1..5} expression commit 069d9e4 Author: CecileRobertMichon <cerobert@microsoft.com> Date: Mon Jan 22 11:41:38 2018 -0800 Add fix to upgrade backwards compatibility commit 030e5dc Author: Jack Francis <jack.francis@microsoft.com> Date: Mon Jan 22 10:42:35 2018 -0800 add support for Kubernetes v1.8.7 commit 7d19218 Author: Jack Francis <jack.francis@microsoft.com> Date: Fri Jan 19 12:31:12 2018 -0800 lint commit 9ed1610 Author: Jack Francis <jack.francis@microsoft.com> Date: Fri Jan 19 12:26:58 2018 -0800 restore properties to KubernetesConfig commit 93589b4 Author: Jack Francis <jack.francis@microsoft.com> Date: Thu Jan 18 11:48:11 2018 -0800 re-enable read-only port on kubelet fixes heapster connection issues
wenwu449
added a commit
that referenced
this pull request
Apr 23, 2018
commit d0ebb9e Author: chshou <shou3301@outlook.com> Date: Mon Mar 26 18:06:57 2018 -0700 Fix merge errors (#22) * move sed to kubelet.sh, remove unnecessary exit 0 (Azure#2520) * move sed to kubelet.sh, remove unnecessary exit 0 * circleci bump * circleci bump * fix merge errors and deployment succeeded * added example * sanitize example commit 5639dce Merge: 1294a58 89f4b2e Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Mar 26 17:51:08 2018 -0700 Merge pull request #21 from yolo3301/mig-merge Merge from upstream commit 89f4b2e Merge: 375d0c0 1294a58 Author: chshou <shou3301@outlook.com> Date: Mon Mar 26 16:03:30 2018 -0700 fix merge error commit 1294a58 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Mar 16 18:13:44 2018 -0700 skip create initial role binding due to bulit-in RBAC support. (#19) commit 375d0c0 Merge: 295461d 7d91a71 Author: chshou <shou3301@outlook.com> Date: Fri Mar 9 12:09:00 2018 -0800 resolve conflicts commit 7d91a71 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Mar 9 11:29:11 2018 -0800 disable heapster config (#18) commit 295461d Author: chshou <shou3301@outlook.com> Date: Thu Mar 8 18:23:57 2018 -0800 remove more unnecessary commit 87f7746 Author: chshou <shou3301@outlook.com> Date: Thu Mar 8 17:55:42 2018 -0800 remove unnecessary commit ae0caf8 Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 17:53:45 2018 -0800 fix 2 more missed error commit efa144e Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 17:32:09 2018 -0800 a miss commit 8d96a93 Merge: fd2a409 e3587cb Author: chshou <shou3301@outlook.com> Date: Wed Mar 7 16:54:22 2018 -0800 merged from upstream master commit fd2a409 Author: Jess Frazelle <jessfraz@users.noreply.github.com> Date: Tue Jan 16 23:49:48 2018 -0500 k8s/script: allow parallelizing custom script without clear-containers (Azure#2067) Signed-off-by: Jess Frazelle <acidburn@microsoft.com> (cherry picked from commit cdd2832) Signed-off-by: Jess Frazelle <acidburn@microsoft.com> commit 1e10c0d Author: Jess Frazelle <jessfraz@users.noreply.github.com> Date: Tue Jan 16 19:09:32 2018 -0500 clear containers (Azure#1945) * clear-containers: add runtime to api and pass through parameters Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add scripts Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add example Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: fix variables Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: add docs Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update install script Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: fix script Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update example Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: update features docs Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * clear-containers: make test linters happy Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * setKubeletOpts to work better with kubeconfig Signed-off-by: Jess Frazelle <acidburn@microsoft.com> * whitespace cruft * more whitespace fun (cherry picked from commit 8bd7c2c) commit fa3d6ff Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Feb 12 19:24:35 2018 -0800 Squashed commit of the following: commit 203efbf Author: Jiangtian Li <JiangtianLi@users.noreply.github.com> Date: Fri Jan 19 09:07:14 2018 -0800 Extend windows os drive size when customized OSDiskSizeGB is used (Azure#2097) commit 88ec2fb Author: Robbie Zhang <junjiez@microsoft.com> Date: Thu Jan 11 13:49:44 2018 -0800 Update the kube-dns addon commit 217ad8d Merge: 530bedb d8856c8 Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Jan 8 16:22:56 2018 -0800 Merge remote-tracking branch 'origin/migration' into migration commit d8856c8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jan 5 15:39:28 2018 -0800 Remove the Allow SSH and RDP Rules from NSG commit 530bedb Merge: f3389a6 5070934 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Jan 5 15:38:54 2018 -0800 Merge tag 'v0.9.4' into migration commit f3389a6 Author: Wenjun Wu <wenjun.wu@live.com> Date: Fri Dec 15 11:11:13 2017 -0800 remove agent customscript and service file (#13) * remove agent specific custom script and service file. * remove cloud provider from windows start ps1 commit c2eda57 Merge: 8ef4f2b 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:05:13 2017 -0800 Merge commit '004145cba163' into migration commit 004145c Author: Wenjun Wu <wenjun.wu@live.com> Date: Tue Dec 12 18:03:36 2017 -0800 fix merge error: azure storage classes yaml commit 8ef4f2b Merge: adbc1cf bd006fc Author: Wenjun Wu <wenjun.wu@live.com> Date: Mon Nov 27 18:24:06 2017 -0800 Merge tag 'v0.9.3' into migration commit adbc1cf Merge: f8da501 7957245 Author: Wenjun Wu <wenjun.wu@live.com> Date: Wed Oct 25 14:36:24 2017 -0700 Merge tag 'v0.8.0' into migration commit f8da501 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:38:00 2017 -0700 Disable Windows Update commit ac83868 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:37:36 2017 -0700 Use kubelet v1.6.6.1 for Windows agent commit 5424f14 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Sep 1 16:36:47 2017 -0700 Set master AvailabilitySet FaultDomainCount and UpdateDomainCount to 1 commit 5b1fbb0 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Aug 15 12:23:41 2017 -0700 Enable StorageAccount Encryption and Enforce HTTPS commit 12fd01d Author: Harry He <zhedahht@hotmail.com> Date: Fri Jul 7 10:16:03 2017 -0700 Remove Resource Requests from kube-proxy (#5) Previously kube-proxy requested 100m CPU. It prevented containers requesting 1 CPU from being deployed onto nodes with 1 CPU, because there is only 900m CPU left. This change remove resource requests from kube-proxy. commit 5241639 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 14:23:32 2017 -0700 Set the default CloudProvider backoff values commit 549a4c2 Merge: 0506730 8a47cbd Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 16:14:12 2017 -0700 Merge with v0.3.0 commit 0506730 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 13:01:18 2017 -0700 Disable Automatic Windows Update commit 8eb8afe Merge: 639e36a fb09cdf Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Jul 7 12:07:03 2017 -0700 Merge from upstream release v0.2.0 commit 639e36a Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jul 3 11:05:10 2017 -0700 Remove azure.json from Windows Agent commit c9d0704 Merge: bae0a8b 579e8b8 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon Jun 19 10:13:37 2017 -0700 Merge tag 'v0.1.2' into migration commit bae0a8b Author: Raghu Shantha [MSFT] <raghus@microsoft.com> Date: Thu Jun 15 11:36:03 2017 -0700 Enable Firewall on Node, Add Windows Firewall rules for required ports (#2) * Enable Firewall on Node, Add Windows Firewall rules for required ports * Added comments for firewall rules * Allow all traffic; lockdown kubectl Node ports to Master only * Remove & and single quote in comment section resource group deployment parser does not like these chars in the comment section commit af24ad6 Author: Robbie Zhang <junjiez@microsoft.com> Date: Tue Jun 6 18:20:40 2017 -0700 Enable RBAC on APIServer commit e648d3d Merge: 380bc58 cc95f47 Author: Robbie Zhang <junjiez@microsoft.com> Date: Wed May 24 11:01:11 2017 -0700 Merge branch 'master' into migration commit 380bc58 Author: Robbie Zhang <junjiez@microsoft.com> Date: Mon May 15 11:39:43 2017 -0700 Fix: add the size map for F1 commit e64b446 Merge: 87c56c3 253dd41 Author: Wenjun Wu <wenjun.wu@live.com> Date: Sun May 14 15:47:20 2017 -0700 Merge branch 'master' into migration commit 87c56c3 Author: Robbie Zhang <junjiez@microsoft.com> Date: Fri Apr 14 12:55:21 2017 -0700 Private Commit for Azure Console Shell Remove SPN secrets from agent node Remove the Kube Dashboard and Heapster Addons Add agentpool label on the agent nodes Use static IP address for system and agentpool1 commit 9fa6a69 Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 17:07:00 2018 -0800 for loop and --retry-connrefused not avail commit 0dda4bb Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 16:44:47 2018 -0800 retry etcd download commit bb4b9bc Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 15:37:34 2018 -0800 addresses etcd startup race condition commit 2f1bfe6 Author: Jack Francis <jack.francis@microsoft.com> Date: Wed Jan 31 15:25:33 2018 -0800 cloud-init does not respect {1..5} expression commit 069d9e4 Author: CecileRobertMichon <cerobert@microsoft.com> Date: Mon Jan 22 11:41:38 2018 -0800 Add fix to upgrade backwards compatibility commit 030e5dc Author: Jack Francis <jack.francis@microsoft.com> Date: Mon Jan 22 10:42:35 2018 -0800 add support for Kubernetes v1.8.7 commit 7d19218 Author: Jack Francis <jack.francis@microsoft.com> Date: Fri Jan 19 12:31:12 2018 -0800 lint commit 9ed1610 Author: Jack Francis <jack.francis@microsoft.com> Date: Fri Jan 19 12:26:58 2018 -0800 restore properties to KubernetesConfig commit 93589b4 Author: Jack Francis <jack.francis@microsoft.com> Date: Thu Jan 18 11:48:11 2018 -0800 re-enable read-only port on kubelet fixes heapster connection issues
wenwu449
pushed a commit
to wenwu449/acs-engine
that referenced
this pull request
Oct 26, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Secures K8's Windows Nodes by enabling Firewall.
Allows only Master node to connect to kubelet ports
Creates Firewall exceptions for container websockets for communicating to PowerShell Console workloads
The fixes have been verified in DF cluster.
Release note:
This change is