crit
crit copied to clipboard
criticalstack
A tool for bootstrapping Kubernetes
https://goreleaser.com/deprecations#nfpmsfiles This will need to be updated before 2021-06-21 to ensure that it still works.
## CVE-2020-26160 - High Severity Vulnerability Vulnerable Library - github.com/dgrijalva/jwt-go-dc14462fd58732591c7fa58cc8496d6824316a82 Golang implementation of JSON Web Tokens (JWT) Dependency Hierarchy: - github.com/labstack/echo/v4/middleware (Root Library) - :x: **github.com/dgrijalva/jwt-go-dc14462fd58732591c7fa58cc8496d6824316a82** (Vulnerable Library) Found in...
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot] avatar"){kind=avatar}
When creating a bootstrap token using `crit create token`, no output is returned to the user: ``` $ crit create token $ ``` This is inconvenient for the following reasons:...
Given the following directory structure (default behavior of `crit up`), the `crit certs renew` command fails: ```sh /etc/kubernetes/ ├── admin.conf ├── controller-manager.conf ├── kubelet.conf ├── scheduler.conf ├── pki │ ├──...
Just as the `crit up` command is used to bootstrap a new node, the `crit down` sub-command should be added that stops and cleans up that node. This mostly involves...
At this time crit follows precedent from kubeadm for enabling [anonymous requests](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#anonymous-requests). Since crit uses a [healthcheck-proxy sidecar](https://docs.crit.sh/security-guide/disabling-anonymous-authentication.html#api-server-healthchecks) to safely expose health checks via a limited role, the API server...
Files, such as the kubelet drop-in file [20-crit.conf](https://github.com/criticalstack/crit/blob/master/build/package/20-crit.conf), can be embedded and templated so that they can be included in the binary and used on systems that do not install...