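# RKE cluster configuration: node inventory, Kubernetes services, network,
# DNS, ingress and the private image registry.
# The structure below was restored from a copy whose line breaks were lost;
# nesting follows the key order of that copy.
nodes:
  # Master node configuration
  - address: 10.215.66.85
    user: rke-installer
    role:
      - controlplane
      - etcd
      - worker
    internal_address: 10.215.66.85
    labels:
      # Quoted so the label value is the string "true", not a YAML boolean.
      ingress-deploy: "true"
  # worker-1 to worker-5 join the cluster
  - address: 10.215.66.86
    user: rke-installer
    role:
      - worker
    internal_address: 10.215.66.86
  - address: 10.215.66.87
    user: rke-installer
    role:
      - worker
    internal_address: 10.215.66.87
  - address: 10.215.66.88
    user: rke-installer
    role:
      - worker
    internal_address: 10.215.66.88
  - address: 10.215.66.90
    user: rke-installer
    role:
      - worker
    internal_address: 10.215.66.90
  # worker-5 has few resources and is used to run mysql
  - address: 10.215.66.91
    user: rke-installer
    role:
      - worker
    internal_address: 10.215.66.91
    labels:
      mysql-deploy: "true"

# Defaults to false. When true, RKE does not raise an error if it finds an
# unsupported Docker version.
# NOTE(review): this also hides a node running an untested or outdated Docker
# release; confirm the Docker version on every node is one you intend to run.
ignore_docker_version: true

# Set the name of the Kubernetes cluster
cluster_name: rke-cluster

#kubernetes_version: v1.18.16-rancher1-1
kubernetes_version: v1.20.4-rancher1-1

# Private key used for the SSH connection to the nodes (user rke-installer).
ssh_key_path: /home/rke-installer/.ssh/id_rsa

services:
  etcd:
    # NOTE(review): backup_config.enabled and snapshot are both false, so this
    # file schedules no recurring etcd snapshots; interval_hours and retention
    # have no effect while disabled. Confirm etcd is backed up by other means.
    backup_config:
      enabled: false
      interval_hours: 72
      retention: 3
      safe_timestamp: false
      timeout: 300
    creation: 12h
    extra_args:
      election-timeout: 5000
      heartbeat-interval: 500
      # NOTE(review): the list still allows CBC-mode suites and static-RSA key
      # exchange (TLS_RSA_*), which gives no forward secrecy. Consider keeping
      # only the ECDHE GCM suites once all clients are known to support them.
      cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
    # NOTE(review): uid/gid 0 is root; confirm whether a dedicated
    # unprivileged etcd user is wanted here.
    gid: 0
    retention: 72h
    snapshot: false
    uid: 0
  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 10.74.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-40000
    always_pull_images: true
    # NOTE(review): PodSecurityPolicy is off; confirm another admission
    # control restricts privileged pods, host mounts and host networking.
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Enable audit log to stdout
      # NOTE(review): audit events then live only in the container log; make
      # sure that log is collected and retained off the node.
      audit-log-path: "-"
      # Increase number of delete workers
      delete-collection-workers: 3
      # Set the level of log output to debug-level
      v: 1
  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 10.100.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 10.74.0.0/16
  kubelet:
    # Base domain for the cluster
    cluster_domain: cluster.local
    # IP address for the DNS service endpoint
    cluster_dns_server: 10.74.0.10
    # Fail if swap is on
    fail_swap_on: true
    # Set max pods to 122 instead of default 110
    extra_args:
      max-pods: 122
    # Optionally define additional volume binds to a service
  scheduler:
    extra_args:
      # Set the level of log output to warning-level
      v: 0
      # NOTE(review): same suite list as etcd above, including the CBC and
      # TLS_RSA_* entries; review both together.
      tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

authentication:
  strategy: x509
  sans:
    - "10.215.66.85"

authorization:
  mode: rbac

addon_job_timeout: 30

# Specify network plugin-in (canal, calico, flannel, weave, or none)
network:
  mtu: 1440
  options:
    flannel_backend_type: vxlan
  plugin: calico
  #add by zxc@241129
  # NOTE(review): the nesting of this disabled block was lost in the collapsed
  # copy; check it against the RKE schema before enabling it.
  # calico_network_provider:
  #   ipip:
  #     mode: cross-subnet
  #   interface: ens160
  tolerations:
    - key: "node.kubernetes.io/unreachable"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300
    - key: "node.kubernetes.io/not-ready"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300

# Specify DNS provider (coredns or kube-dns)
dns:
  provider: coredns
  nodelocal: {}
  tolerations:
    - key: "node.kubernetes.io/unreachable"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300
    - key: "node.kubernetes.io/not-ready"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300

ingress:
  provider: nginx
  default_backend: true
  http_port: 0
  https_port: 0
  extra_envs:
    - name: TZ
      value: Asia/Shanghai
  # Schedules the ingress controller on nodes labelled ingress-deploy=true
  # (the master node above).
  node_selector:
    ingress-deploy: "true"
  options:
    # NOTE(review): with this on, the controller trusts incoming X-Forwarded-*
    # headers. That is only safe when every request arrives through a trusted
    # proxy or load balancer; otherwise a client can forge its source address.
    use-forwarded-headers: "true"

private_registries:
  - url: 10.215.66.85:8033  # private registry address
    user: admin
    # NOTE(review): registry password stored in plain text. Keep this file out
    # of version control with restrictive file permissions, and rotate the
    # credential if the file has been shared.
    password: "Test@2"
    is_default: true

# Note: under nodes, change the IPs to those of the master and the workers
# under authentication, change the IP to the master's IP
# under private_registries, change the IP to the master's IP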