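---
# RKE cluster definition: three nodes, private registry, flannel networking,
# CoreDNS, metrics-server and an nginx ingress controller.

nodes:
  # NOTE(review): every node is reached over SSH as root. RKE needs a user
  # that can use the Docker socket; a dedicated non-root account limits what
  # a leaked SSH key exposes. Confirm whether root is really required here.
  - address: 172.31.2.7
    user: root
    role:
      - controlplane
      - etcd
      - worker
    internal_address: 172.31.2.7
    labels:
      # Label values are strings; quoted so no parser reads them as booleans.
      ingress-deploy: "true"
  - address: 172.31.2.8
    user: root
    role:
      - worker
    internal_address: 172.31.2.8
    labels:
      ingress-deploy: "true"
  - address: 172.31.2.9
    user: root
    role:
      - worker
    internal_address: 172.31.2.9
    labels:
      ingress-deploy: "true"
      mysql-deploy: "true"

authentication:
  strategy: x509
  # Extra subject alternative names for the API server certificate.
  sans:
    - "172.31.2.7"

private_registries:
  # Private image registry address.
  - url: "172.31.2.7:8033/admin"
    user: admin
    # NOTE(review): registry credential stored in plain text. Anyone who can
    # read this file or its version-control history can authenticate to the
    # registry; rotate it and restrict access to this file.
    password: "V2ryStr@ngPss"
    is_default: true

##############################################################################

# Defaults to false. When true, RKE does not raise an error when it finds an
# unsupported Docker version.
# NOTE(review): this hides an unsupported container runtime on the nodes.
ignore_docker_version: true

# Set the name of the Kubernetes cluster
cluster_name: rke-cluster

kubernetes_version: v1.20.4-rancher1-1

# Private key RKE uses for SSH to the nodes (root's key on the RKE host).
ssh_key_path: /root/.ssh/id_ed25519
# ssh_key_path: /root/.ssh/id_rsa

# Enable running cri-dockerd
# Up to Kubernetes 1.23, kubelet contained code called dockershim
# to support Docker runtime. The replacement is called cri-dockerd
# and should be enabled if you want to keep using Docker as your
# container runtime
# Only available to enable in Kubernetes 1.21 and higher
# NOTE(review): kubernetes_version above is v1.20.4, which is below the 1.21
# minimum stated here. Confirm RKE accepts this combination or set to false.
enable_cri_dockerd: true

services:
  etcd:
    # NOTE(review): recurring snapshots are switched off both here
    # (backup_config.enabled) and below (snapshot), so there is presumably no
    # etcd backup to restore from after data loss or tampering. TODO confirm.
    backup_config:
      enabled: false
      interval_hours: 72
      retention: 3
      safe_timestamp: false
      timeout: 300
    creation: 12h
    extra_args:
      # extra_args values are passed as flag strings, hence the quotes.
      election-timeout: "5000"
      heartbeat-interval: "500"
    # NOTE(review): uid/gid 0 presumably means etcd data is owned by root;
    # hardening guides use a dedicated etcd user. TODO confirm.
    gid: 0
    retention: 72h
    snapshot: false
    uid: 0
  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 10.24.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: "30000-40000"
    always_pull_images: true
    # NOTE(review): with PodSecurityPolicy off, nothing in this file restricts
    # privileged pods or hostPath mounts. Confirm another admission control
    # covers this.
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Write the audit log to stdout.
      # NOTE(review): no audit policy is configured in this file; verify that
      # audit events are actually emitted and collected.
      audit-log-path: "-"
      # Increase number of delete workers
      delete-collection-workers: "3"
      # Log verbosity (-v); higher values are more verbose.
      v: "1"
  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 10.28.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 10.24.0.0/16
    # Add additional arguments to the kubernetes controller manager
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Log verbosity (-v); higher values are more verbose.
      v: "1"
      # Enable RotateKubeletServerCertificate feature gate
      feature-gates: RotateKubeletServerCertificate=true
      # Enable TLS Certificates management
      # https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
      cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
      cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
  kubelet:
    # Base domain for the cluster
    cluster_domain: cluster.local
    # IP address for the DNS service endpoint
    cluster_dns_server: 10.24.0.10
    # Do not fail kubelet start-up when swap is enabled on the node.
    fail_swap_on: false
    # Additional volume binds for the kubelet container.
    # Do not modify: added for the MinIO PV.
    extra_binds:
      - "/data/minio-pv:/hostStorage"
    extra_args:
      # Raise max pods per node from the default 110 to 122.
      max-pods: "122"
  scheduler:
    extra_args:
      # Log verbosity (-v); higher values are more verbose.
      v: "0"
  kubeproxy:
    extra_args:
      # Log verbosity (-v); higher values are more verbose.
      v: "1"

authorization:
  mode: rbac

addon_job_timeout: 30

# Specify network plugin-in (canal, calico, flannel, weave, or none)
network:
  options:
    flannel_backend_type: vxlan
    flannel_iface: enp4s0
    # Available as of RKE v1.2.6+
    flannel_autoscaler_priority_class_name: system-cluster-critical
    # Available as of RKE v1.2.6+
    flannel_priority_class_name: system-cluster-critical
  plugin: flannel

# Specify DNS provider (coredns or kube-dns)
dns:
  provider: coredns
  nodelocal: {}
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 20%
      maxSurge: 15%
  linear_autoscaler_params:
    cores_per_replica: 0.34
    nodes_per_replica: 4
    prevent_single_point_failure: true
    min: 2
    max: 3

# Specify monitoring provider (metrics-server)
monitoring:
  provider: metrics-server
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 8

ingress:
  provider: nginx
  default_backend: true
  http_port: 0
  https_port: 0
  extra_envs:
    - name: TZ
      value: Asia/Shanghai
  # Schedule the controller only on nodes labelled ingress-deploy=true.
  node_selector:
    ingress-deploy: "true"
  options:
    # NOTE(review): with these two options the controller trusts
    # client-supplied X-Forwarded-* headers. That is only sound when a trusted
    # proxy in front of the ingress sets them; otherwise the client address in
    # logs and upstream headers can be spoofed. Confirm the topology.
    use-forwarded-headers: "true"
    access-log-path: /var/log/nginx/access.log
    client-body-timeout: '6000'
    compute-full-forwarded-for: 'true'
    enable-underscores-in-headers: 'true'
    log-format-escape-json: 'true'
    # JSON access-log format. It records the full request line, query string
    # and remote user, so the log may hold tokens passed in URLs; treat the
    # log as sensitive.
    log-format-upstream: >-
      {
      "msec": "$msec",
      "connection": "$connection",
      "connection_requests": "$connection_requests",
      "pid": "$pid",
      "request_id": "$request_id",
      "request_length": "$request_length",
      "remote_addr": "$remote_addr",
      "remote_user": "$remote_user",
      "remote_port": "$remote_port",
      "http_x_forwarded_for": "$http_x_forwarded_for",
      "time_local": "$time_local",
      "time_iso8601": "$time_iso8601",
      "request": "$request",
      "request_uri": "$request_uri",
      "args": "$args",
      "status": "$status",
      "body_bytes_sent": "$body_bytes_sent",
      "bytes_sent": "$bytes_sent",
      "http_referer": "$http_referer",
      "http_user_agent": "$http_user_agent",
      "http_host": "$http_host",
      "server_name": "$server_name",
      "request_time": "$request_time",
      "upstream": "$upstream_addr",
      "upstream_connect_time": "$upstream_connect_time",
      "upstream_header_time": "$upstream_header_time",
      "upstream_response_time": "$upstream_response_time",
      "upstream_response_length": "$upstream_response_length",
      "upstream_cache_status": "$upstream_cache_status",
      "ssl_protocol": "$ssl_protocol",
      "ssl_cipher": "$ssl_cipher",
      "scheme": "$scheme",
      "request_method": "$request_method",
      "server_protocol": "$server_protocol",
      "pipe": "$pipe",
      "gzip_ratio": "$gzip_ratio",
      "http_cf_ray": "$http_cf_ray",
      "geoip_country_code": "$geoip_country_code"
      }
    proxy-body-size: 5120m
    proxy-read-timeout: '6000'
    proxy-send-timeout: '6000'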