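# RKE cluster definition: five nodes (one combined controlplane/etcd/worker
# node plus four workers), a default private registry, and per-service
# settings for the Kubernetes components.
#
# NOTE(review): RKE logs in to every node over SSH as root using the key at
# ssh_key_path. A dedicated account limited to Docker access would narrow
# what that key can do — confirm whether that is feasible here.
nodes:
  - address: 172.16.200.30
    user: root
    role:
      - controlplane
      - etcd
      - worker
    internal_address: 172.16.200.30
    labels:
      # Label values are strings; quoted so no parser reads them as booleans.
      ingress-deploy: "true"
  - address: 172.16.200.31
    user: root
    role:
      - worker
    internal_address: 172.16.200.31
    labels:
      ingress-deploy: "true"
      uavcloud.env: demo
  - address: 172.16.200.32
    user: root
    role:
      - worker
    internal_address: 172.16.200.32
    labels:
      ingress-deploy: "true"
      mysql-deploy: "true"
      uavcloud.env: demo
  - address: 172.16.200.33
    user: root
    role:
      - worker
    internal_address: 172.16.200.33
    labels:
      ingress-deploy: "true"
      uavcloud.env: demo
  - address: 172.16.200.34
    user: root
    role:
      - worker
    internal_address: 172.16.200.34
    labels:
      ingress-deploy: "true"
      uavcloud.env: demo

authentication:
  strategy: x509
  sans:
    - "172.16.200.30"

private_registries:
  # Private image registry address
  - url: "172.16.200.30:8033"
    user: admin
    # NOTE(review): registry credential stored in plaintext. Keep this file
    # out of version control, restrict its permissions to the operator
    # account, and rotate the password if the file has been shared.
    password: "V2ryStr@ngPss"
    is_default: true

##############################################################################

# Defaults to false. When true, RKE does not raise an error if it finds an
# unsupported Docker version.
# NOTE(review): this hides a runtime/version mismatch at provisioning time;
# confirm the installed Docker version is one intended for this release.
ignore_docker_version: true

# Set the name of the Kubernetes cluster
cluster_name: rke-cluster

kubernetes_version: v1.20.4-rancher1-1

ssh_key_path: /root/.ssh/id_rsa

# Enable running cri-dockerd
# Up to Kubernetes 1.23, kubelet contained code called dockershim
# to support Docker runtime. The replacement is called cri-dockerd
# and should be enabled if you want to keep using Docker as your
# container runtime
# Only available to enable in Kubernetes 1.21 and higher
# kubernetes_version above is v1.20.4, which is below that minimum, so the
# option is left off; turn it on when the cluster moves to 1.21 or later.
enable_cri_dockerd: false

services:
  etcd:
    # NOTE(review): recurring backups (backup_config.enabled) and snapshots
    # are both off, so this file configures no etcd recovery point. Confirm
    # backups are taken some other way.
    backup_config:
      enabled: false
      interval_hours: 72
      retention: 3
      safe_timestamp: false
      timeout: 300
    creation: 12h
    extra_args:
      election-timeout: 5000
      heartbeat-interval: 500
    gid: 0
    retention: 72h
    snapshot: false
    uid: 0

  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 10.74.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-40000
    always_pull_images: true
    # NOTE(review): PodSecurityPolicy admission is disabled; confirm pod
    # privileges are constrained by some other control.
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Enable audit log to stdout
      # NOTE(review): on stdout the audit records live in the container log;
      # confirm that log is collected and retained off-node.
      audit-log-path: "-"
      # Increase number of delete workers
      delete-collection-workers: 3
      # Log verbosity (-v) level 1
      v: 1
    # Using the EventRateLimit admission control enforces a limit on the
    # number of events that the API Server will accept in a given time period
    # Available as of v1.0.0
    event_rate_limit:
      enabled: false
      configuration:
        apiVersion: eventratelimit.admission.k8s.io/v1alpha1
        kind: Configuration
        limits:
          - type: Server
            qps: 6000
            burst: 30000

  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 10.100.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 10.74.0.0/16
    # Add additional arguments to the kubernetes controller manager
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Log verbosity (-v) level 1
      v: 1
      # Enable RotateKubeletServerCertificate feature gate
      feature-gates: RotateKubeletServerCertificate=true
      # Enable TLS Certificates management
      # https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
      cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
      cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"

  kubelet:
    # Base domain for the cluster
    cluster_domain: cluster.local
    # IP address for the DNS service endpoint
    cluster_dns_server: 10.74.0.10
    # Fail if swap is on
    fail_swap_on: false
    extra_binds:
      # Do not modify: added for the MinIO persistent volume
      - "/data/minio-pv:/hostStorage"
    extra_args:
      # Set max pods to 122 instead of default 110
      max-pods: 122

  scheduler:
    extra_args:
      # Log verbosity (-v) level 0
      v: 0

  kubeproxy:
    extra_args:
      # Log verbosity (-v) level 0
      v: 0

authorization:
  mode: rbac

addon_job_timeout: 30

# Specify network plugin-in (canal, calico, flannel, weave, or none)
network:
  mtu: 1440
  options:
    # NOTE(review): flannel_backend_type is a flannel option while the plugin
    # below is calico; presumably it has no effect here — confirm.
    flannel_backend_type: vxlan
  plugin: calico
  tolerations:
    - key: "node.kubernetes.io/unreachable"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300
    - key: "node.kubernetes.io/not-ready"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300

# Specify DNS provider (coredns or kube-dns)
dns:
  provider: coredns
  # NOTE(review): nodelocal carries no value of its own. The original nesting
  # was lost, so the keys that follow are placed directly under dns — confirm
  # against the deployed file.
  nodelocal:
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 20%
      maxSurge: 15%
  linear_autoscaler_params:
    cores_per_replica: 0.34
    nodes_per_replica: 4
    prevent_single_point_failure: true
    min: 2
    max: 3
  tolerations:
    - key: "node.kubernetes.io/unreachable"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300
    - key: "node.kubernetes.io/not-ready"
      operator: "Exists"
      effect: "NoExecute"
      tolerationseconds: 300

# Specify monitoring provider (metrics-server)
monitoring:
  provider: metrics-server
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 8

ingress:
  provider: nginx
  default_backend: true
  http_port: 0
  https_port: 0
  extra_envs:
    - name: TZ
      value: Asia/Shanghai
  node_selector:
    # Matches the ingress-deploy label set on the nodes above
    ingress-deploy: "true"
  options:
    # NOTE(review): with this on, the controller trusts X-Forwarded-* headers
    # on incoming requests. That is only sound when every request arrives via
    # a trusted proxy that sets them; otherwise clients can supply their own
    # source address and scheme. Confirm what sits in front of the ingress.
    use-forwarded-headers: "true"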