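---
# RKE cluster definition. Reconstructed with 2-space block indentation; every
# value below is the original's, except that Kubernetes label/selector values
# are quoted (labels are map[string]string, so `true` must be the string "true").
nodes:
  - address: 192.168.0.8
    user: rke-installer
    role:
      - controlplane
      - etcd
      - worker
    internal_address: 192.168.0.8
    labels:
      ingress-deploy: "true"
      uavcloud.env: demo
  - address: 192.168.0.65
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.65
    labels:
      uavcloud.env: demo
  - address: 192.168.0.45
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.45
    labels:
      uavcloud.env: demo
  - address: 192.168.0.7
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.7
    labels:
      mysql-deploy: "true"
      uavcloud.env: demo
  - address: 192.168.0.9
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.9
    labels:
      uavcloud.env: demo
  - address: 192.168.0.10
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.10
    labels:
      uavcloud.env: demo
  - address: 192.168.0.11
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.11
    labels:
      uavcloud.env: demo
  - address: 192.168.0.83
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.83
    labels:
      uavcloud.env: demo
  - address: 192.168.0.84
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.84
    labels:
      uavcloud.env: demo
  - address: 192.168.0.85
    user: rke-installer
    role:
      - worker
    internal_address: 192.168.0.85
    labels:
      uavcloud.env: demo

authentication:
  strategy: x509
  sans:
    - "192.168.0.8"

private_registries:
  - url: "192.168.0.8:8033"  # private image registry address
    user: admin
    # NOTE(review): registry credential stored in plaintext in the cluster file;
    # keep this file out of version control or template the value in from a
    # secret store at deploy time.
    password: "V2ryStr@ngPss"
    is_default: true

##############################################################################
# Defaults to false; when true, RKE does not fail on an unsupported Docker version
ignore_docker_version: true

# Set the name of the Kubernetes cluster
cluster_name: rke-cluster
kubernetes_version: v1.20.4-rancher1-1
ssh_key_path: /home/rke-installer/.ssh/id_ed25519

# Enable running cri-dockerd
# Up to Kubernetes 1.23, kubelet contained code called dockershim
# to support Docker runtime. The replacement is called cri-dockerd
# and should be enabled if you want to keep using Docker as your
# container runtime
# Only available to enable in Kubernetes 1.21 and higher
# NOTE(review): kubernetes_version above is v1.20.4, below the 1.21 minimum
# this comment states — confirm the flag is honoured on this version.
enable_cri_dockerd: true

services:
  etcd:
    backup_config:
      enabled: false
      interval_hours: 72
      retention: 3
      safe_timestamp: false
      timeout: 300
    creation: 12h
    extra_args:
      election-timeout: 5000
      heartbeat-interval: 500
      # NOTE(review): this list includes CBC-mode and non-ECDHE RSA suites
      # (no forward secrecy); the four TLS_ECDHE_RSA_* entries are the ones
      # worth keeping unless a legacy client needs the others.
      cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
    gid: 0
    retention: 72h
    snapshot: false
    uid: 0

  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 10.74.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-40000
    always_pull_images: true
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Send the audit log to stdout.
      # NOTE(review): no audit-policy-file is set here; without a policy the
      # API server records no audit events — confirm one is supplied (RKE's
      # kube-api `audit_log` section can generate a default policy).
      audit-log-path: "-"
      # Increase number of delete workers
      delete-collection-workers: 3
      # klog verbosity level
      v: 1

  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 10.100.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 10.74.0.0/16
    # Add additional arguments to the kube-controller-manager
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # klog verbosity level
      v: 1
      # Enable RotateKubeletServerCertificate feature gate
      feature-gates: RotateKubeletServerCertificate=true
      # Enable TLS Certificates management
      # https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
      cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
      cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"

  kubelet:
    # Base domain for the cluster
    cluster_domain: cluster.local
    # IP address for the DNS service endpoint
    cluster_dns_server: 10.74.0.10
    # Do NOT fail kubelet startup when swap is enabled
    fail_swap_on: false
    # Additional volume binds for the kubelet container
    extra_binds:
      - "/data/minio-pv:/hostStorage"  # do not modify — added for MinIO's PV
    extra_args:
      # Raise max pods per node from the default 110
      max-pods: 122

  scheduler:
    extra_args:
      # klog verbosity level
      v: 0
      # NOTE(review): same remark as etcd cipher-suites — CBC and non-ECDHE
      # RSA suites are included; the ECDHE_* entries are the ones worth keeping.
      tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

  kubeproxy:
    extra_args:
      # klog verbosity level
      v: 1

authorization:
  mode: rbac

addon_job_timeout: 30

# Specify network plug-in (canal, calico, flannel, weave, or none)
network:
  mtu: 1440
  options:
    # NOTE(review): only applies to flannel/canal; ignored while plugin is calico
    flannel_backend_type: vxlan
  plugin: calico
  tolerations:
    - key: "node.kubernetes.io/unreachable"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300
    - key: "node.kubernetes.io/not-ready"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300

# Specify DNS provider (coredns or kube-dns)
dns:
  provider: coredns
  nodelocal: {}
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: "20%"
      maxSurge: "15%"
  linear_autoscaler_params:
    cores_per_replica: 0.34
    nodes_per_replica: 4
    prevent_single_point_failure: true
    min: 2
    max: 3
  tolerations:
    - key: "node.kubernetes.io/unreachable"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300
    - key: "node.kubernetes.io/not-ready"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300

# Specify monitoring provider (metrics-server)
monitoring:
  provider: metrics-server
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 8

ingress:
  provider: nginx
  default_backend: true
  http_port: 0
  https_port: 0
  extra_envs:
    - name: TZ
      value: Asia/Shanghai
  # Must match the node label set on the controlplane node above
  node_selector:
    ingress-deploy: "true"
  options:
    # NOTE(review): trusting X-Forwarded-* headers is only safe when every
    # path to the controller passes through a proxy that overwrites them.
    use-forwarded-headers: "true"
    access-log-path: /var/log/nginx/access.log
    # client-body-timeout: '6000'
    # compute-full-forwarded-for: 'true'
    # enable-underscores-in-headers: 'true'
    # log-format-escape-json: 'true'
    # log-format-upstream: >-
    #   { "msec": "$msec", "connection": "$connection", "connection_requests":
    #   "$connection_requests", "pid": "$pid", "request_id": "$request_id",
    #   "request_length": "$request_length", "remote_addr": "$remote_addr",
    #   "remote_user": "$remote_user", "remote_port": "$remote_port",
    #   "http_x_forwarded_for": "$http_x_forwarded_for", "time_local":
    #   "$time_local", "time_iso8601": "$time_iso8601", "request": "$request",
    #   "request_uri": "$request_uri", "args": "$args", "status": "$status",
    #   "body_bytes_sent": "$body_bytes_sent", "bytes_sent": "$bytes_sent",
    #   "http_referer": "$http_referer", "http_user_agent": "$http_user_agent",
    #   "http_host": "$http_host", "server_name": "$server_name", "request_time":
    #   "$request_time", "upstream": "$upstream_addr", "upstream_connect_time":
    #   "$upstream_connect_time", "upstream_header_time": "$upstream_header_time",
    #   "upstream_response_time": "$upstream_response_time",
    #   "upstream_response_length": "$upstream_response_length",
    #   "upstream_cache_status": "$upstream_cache_status", "ssl_protocol":
    #   "$ssl_protocol", "ssl_cipher": "$ssl_cipher", "scheme": "$scheme",
    #   "request_method": "$request_method", "server_protocol": "$server_protocol",
    #   "pipe": "$pipe", "gzip_ratio": "$gzip_ratio", "http_cf_ray": "$http_cf_ray",
    #   "geoip_country_code": "$geoip_country_code" }
    # proxy-body-size: 5120m
    # proxy-read-timeout: '6000'
    # proxy-send-timeout: '6000'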