环境：

• Mac
• vagrant 2.1.2
• virtualBox: 5.2.16
• Kubernetes 1.11.0

遇到了几个问题：

1. 在系统自动挂起之后vm 的时间会不对，没有自动同步，导致 Prometheus 监控数据显示不出来，应该同步时间就可以，不过我没有，而是使用的 vagrant halt ，就导致了另一个问题。
2. 执行 vagrant halt 按照【重启】 的操作后，之前配置的 Istio 相关所有东西都不见了，包括 istio-system namespace 。
3. 按照[文档](

The README.md currently mentions how to do this using DNS, but could this process not be improved on by using Consul instead?

As already mentioned in the readme, DockerSwarm.rocks recommends Traefik and HTTPS. This install uses Consul as a key-value store for the SSL certificates, which means many/most of the Docker Swarm installs following that recipe will have C

It would be helpful to have a comprehensive documentation of the endpoints to help configure Authelia correctly in real life environments.

Proposal

At some point, Maesh will experience security issues. To handle them gracefully, we should document our security policy and define, at least:

• How and where security vulnerabilities will be reported.
• How to disclose a security vulnerability responsibly.

We should have a look at the GitHub [Security policy](https://help.github.com/en/github/managing-security-vulnerabiliti

We need a proper website, with docs, examples, etc.
Basic static generation (e.g. with Gatsby) from markdown (to allow for current docs reuse) would probably work just fine.

• Make a static website (done thanks to @FDiskas )
• Setup CI builds on every push / PR
• Setup CD to github pages
• Figure out a domain (github org domain? .js.org domain? something else?)

I need to do a collateral call to google APIs from my backend to get additional information about the user (full name, profile picture, team, ...). For that, I need to have the access token. Unfortunately, now I only have access to the user's email.

A solution could be to return the access token in the header key X-Forwarded-AccessToken but I think we will have to manage when the access token

我刚看了一下其他人都好像有这个问题，不过还是看见有人数可以用renew的办法，我也尝试了一下
kubeadm alpha phase all
初步看好像是续期了一年的样子，但由于我是vmware的1master 3node的。。没有环境测试高可用情况下这样renew证书的话，其他master要怎么操作。

另外贴一下下面的help信息
[root@t0 etcd]# kubeadm alpha phase --help
This command is not meant to be run on its own. See list of available subcommands.

[root@t0 etcd]# kubeadm alpha certs renew --help
This command is not meant to be run on its ow

Improve this workflow. A manager being able to log into and configure new servers (manager / worker nodes).

Ideas:

• Generate local SSH key specifically for communication with the swarm.
  • ssh-keygen -f ~/.ssh/id_rsa_swarm -t rsa -N '' -C "your@email.com"
• Copy the SSH key to swarm manager during/after installation.
  • ssh-copy-id -i ~/.ssh/id_rsa_swarm root@123.23.12.123
  • Set p

Hi,

This is a request feature to use the OPA Agent instead of assertion parts of EAS.
With this we can use a common DSL language (rego) to create policies for authz.

https://github.com/containous/traefik-migration-tool#with-docker

The current docker command is not working out of the box. An input and output has to be specified as the volume is mapped into /data and the standard value points to ./[file]. I got the setup for acme e.g. running like: