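---
# RKE cluster definition (cluster.yml): node inventory, registry credentials,
# Kubernetes service arguments, and add-on settings for "rke-cluster".

nodes:
  # NOTE(review): every node is reached over SSH as root. If the hosts allow
  # it, a dedicated non-root account with access to the Docker socket limits
  # what a leaked ssh key exposes — confirm against host setup.
  - address: 10.20.1.130
    user: root
    role:
      - controlplane
      - etcd
      - worker
    internal_address: 10.20.1.130
    labels:
      # Label values are strings; quoted so no parser reads them as booleans.
      ingress-deploy: "true"
  - address: 10.20.1.133
    user: root
    role:
      - worker
    internal_address: 10.20.1.133
  - address: 10.20.1.134
    user: root
    role:
      - worker
    internal_address: 10.20.1.134
    labels:
      mysql-deploy: "true"
  - address: 10.20.1.141
    user: root
    role:
      - worker
    internal_address: 10.20.1.141
    labels:
      ingress-deploy: "true"
  - address: 10.20.1.142
    user: root
    role:
      - worker
    internal_address: 10.20.1.142
    labels:
      ingress-deploy: "true"
  - address: 10.20.1.144
    user: root
    role:
      - worker
    internal_address: 10.20.1.144
    labels:
      ingress-deploy: "true"
  - address: 10.20.1.145
    user: root
    role:
      - worker
    internal_address: 10.20.1.145
    labels:
      ingress-deploy: "true"

authentication:
  strategy: x509
  # Extra subject alternative names for the kube-apiserver certificate.
  sans:
    - "10.20.1.130"

private_registries:
  # Private image registry address.
  - url: "10.20.1.130:8033"
    user: admin
    # NOTE(review): registry credential stored in plain text. Anyone who can
    # read this file (or a repository/backup containing it) can authenticate
    # to the registry as admin. Keep the file out of version control,
    # restrict its permissions, and rotate this password if the file has
    # been shared.
    password: "V2ryStr@ngPss"
    is_default: true

##############################################################################

# Defaults to false. When true, RKE does not raise an error when it finds an
# unsupported Docker version.
# NOTE(review): with this set, nodes running untested Docker versions are
# accepted silently — confirm the installed versions are intentional.
ignore_docker_version: true

# Set the name of the Kubernetes cluster
cluster_name: rke-cluster

kubernetes_version: v1.20.4-rancher1-1

ssh_key_path: /root/.ssh/id_ed25519
# ssh_key_path: /root/.ssh/id_rsa

# Enable running cri-dockerd
# Up to Kubernetes 1.23, kubelet contained code called dockershim
# to support Docker runtime. The replacement is called cri-dockerd
# and should be enabled if you want to keep using Docker as your
# container runtime
# Only available to enable in Kubernetes 1.21 and higher
# NOTE(review): kubernetes_version above is v1.20.4-rancher1-1, which is below
# the 1.21 minimum stated here — confirm RKE accepts this combination, or
# drop the flag / raise the version.
enable_cri_dockerd: true

services:
  etcd:
    # NOTE(review): recurring backups (backup_config.enabled) and the legacy
    # snapshot option are both off, so this file configures no etcd
    # snapshots. The cluster also has a single etcd node (10.20.1.130);
    # confirm recovery is covered some other way.
    backup_config:
      enabled: false
      interval_hours: 72
      retention: 3
      safe_timestamp: false
      timeout: 300
    creation: 12h
    extra_args:
      election-timeout: 5000
      heartbeat-interval: 500
    gid: 0
    retention: 72h
    snapshot: false
    uid: 0

  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 172.24.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-40000
    always_pull_images: true
    # NOTE(review): pod security policy admission is disabled; nothing in
    # this file restricts privileged pods or host mounts at admission —
    # confirm another policy mechanism is in place.
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Enable audit log to stdout
      audit-log-path: "-"
      # Increase number of delete workers
      delete-collection-workers: 3
      # Log verbosity level
      v: 1

  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 172.28.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 172.24.0.0/16
    # Add additional arguments to the kubernetes controller manager
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Log verbosity level
      v: 1
      # Enable RotateKubeletServerCertificate feature gate
      feature-gates: RotateKubeletServerCertificate=true
      # Enable TLS Certificates management
      # https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
      # The controller manager signs certificate requests with the cluster
      # CA key referenced below.
      cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
      cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"

  kubelet:
    # Base domain for the cluster
    cluster_domain: cluster.local
    # IP address for the DNS service endpoint
    cluster_dns_server: 172.24.0.10
    # Fail if swap is on
    fail_swap_on: false
    # Optionally define additional volume binds to a service
    extra_binds:
      # Do not modify: added for the MinIO persistent volume.
      - "/data/minio-pv:/hostStorage"
    extra_args:
      # Set max pods to 122 instead of default 110
      # (the original comment said 250; the configured value is 122)
      max-pods: 122

  scheduler:
    extra_args:
      # Log verbosity level
      v: 0

  kubeproxy:
    extra_args:
      # Log verbosity level
      v: 1

authorization:
  mode: rbac

addon_job_timeout: 30

# Specify network plugin-in (canal, calico, flannel, weave, or none)
network:
  options:
    flannel_backend_type: vxlan
    flannel_iface: eth0
    # Available as of RKE v1.2.6+
    flannel_autoscaler_priority_class_name: system-cluster-critical
    # Available as of RKE v1.2.6+
    flannel_priority_class_name: system-cluster-critical
  plugin: flannel

# Specify DNS provider (coredns or kube-dns)
dns:
  provider: coredns
  nodelocal: {}
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 20%
      maxSurge: 15%
  linear_autoscaler_params:
    cores_per_replica: 0.34
    nodes_per_replica: 4
    prevent_single_point_failure: true
    min: 2
    max: 3

# Specify monitoring provider (metrics-server)
monitoring:
  provider: metrics-server
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 8

ingress:
  provider: nginx
  default_backend: true
  http_port: 0
  https_port: 0
  extra_envs:
    - name: TZ
      value: Asia/Shanghai
  # Schedule the ingress controller only on nodes labelled ingress-deploy.
  node_selector:
    ingress-deploy: "true"
  options:
    # NOTE(review): with this on, the controller trusts incoming
    # X-Forwarded-* headers. That is only sound when every request passes
    # through a trusted proxy or load balancer that sets these headers;
    # otherwise clients can supply their own source IP and scheme — confirm
    # the ingress nodes are not directly reachable.
    use-forwarded-headers: "true"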