179 lines
4.8 KiB
YAML
179 lines
4.8 KiB
YAML
nodes:
|
||
#masternode配置
|
||
- address: 10.215.66.85
|
||
user: rke-installer
|
||
role:
|
||
- controlplane
|
||
- etcd
|
||
- worker
|
||
internal_address: 10.215.66.85
|
||
labels:
|
||
ingress-deploy: true
|
||
#worker-1到worker-5加入集群
|
||
- address: 10.215.66.86
|
||
user: rke-installer
|
||
role:
|
||
- worker
|
||
internal_address: 10.215.66.86
|
||
- address: 10.215.66.87
|
||
user: rke-installer
|
||
role:
|
||
- worker
|
||
internal_address: 10.215.66.87
|
||
- address: 10.215.66.88
|
||
user: rke-installer
|
||
role:
|
||
- worker
|
||
internal_address: 10.215.66.88
|
||
- address: 10.215.66.90
|
||
user: rke-installer
|
||
role:
|
||
- worker
|
||
internal_address: 10.215.66.90
|
||
#worker-5资源低,用于跑mysql
|
||
- address: 10.215.66.91
|
||
user: rke-installer
|
||
role:
|
||
- worker
|
||
internal_address: 10.215.66.91
|
||
labels:
|
||
mysql-deploy: true
|
||
|
||
|
||
# 默认值为false,如果设置为true,当发现不支持的Docker版本时,RKE不会报错
|
||
ignore_docker_version: true
|
||
|
||
# Set the name of the Kubernetes cluster
|
||
cluster_name: rke-cluster
|
||
|
||
#kubernetes_version: v1.18.16-rancher1-1
|
||
kubernetes_version: v1.20.4-rancher1-1
|
||
|
||
ssh_key_path: /home/rke-installer/.ssh/id_rsa
|
||
|
||
services:
|
||
etcd:
|
||
backup_config:
|
||
enabled: false
|
||
interval_hours: 72
|
||
retention: 3
|
||
safe_timestamp: false
|
||
timeout: 300
|
||
creation: 12h
|
||
extra_args:
|
||
election-timeout: 5000
|
||
heartbeat-interval: 500
|
||
cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
|
||
gid: 0
|
||
retention: 72h
|
||
snapshot: false
|
||
uid: 0
|
||
|
||
kube-api:
|
||
# IP range for any services created on Kubernetes
|
||
# This must match the service_cluster_ip_range in kube-controller
|
||
service_cluster_ip_range: 10.74.0.0/16
|
||
# Expose a different port range for NodePort services
|
||
service_node_port_range: 30000-40000
|
||
always_pull_images: true
|
||
pod_security_policy: false
|
||
# Add additional arguments to the kubernetes API server
|
||
# This WILL OVERRIDE any existing defaults
|
||
extra_args:
|
||
# Enable audit log to stdout
|
||
audit-log-path: "-"
|
||
# Increase number of delete workers
|
||
delete-collection-workers: 3
|
||
# Set the level of log output to debug-level
|
||
v: 1
|
||
kube-controller:
|
||
# CIDR pool used to assign IP addresses to pods in the cluster
|
||
cluster_cidr: 10.100.0.0/16
|
||
# IP range for any services created on Kubernetes
|
||
# This must match the service_cluster_ip_range in kube-api
|
||
service_cluster_ip_range: 10.74.0.0/16
|
||
kubelet:
|
||
# Base domain for the cluster
|
||
cluster_domain: cluster.local
|
||
# IP address for the DNS service endpoint
|
||
cluster_dns_server: 10.74.0.10
|
||
# Fail if swap is on
|
||
fail_swap_on: true
|
||
# Set max pods to 250 instead of default 110
|
||
extra_args:
|
||
max-pods: 122
|
||
# Optionally define additional volume binds to a service
|
||
scheduler:
|
||
extra_args:
|
||
# Set the level of log output to warning-level
|
||
v: 0
|
||
tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
|
||
|
||
|
||
authentication:
|
||
strategy: x509
|
||
sans:
|
||
- "10.215.66.85"
|
||
|
||
authorization:
|
||
mode: rbac
|
||
|
||
addon_job_timeout: 30
|
||
|
||
# Specify network plugin-in (canal, calico, flannel, weave, or none)
|
||
network:
|
||
mtu: 1440
|
||
options:
|
||
flannel_backend_type: vxlan
|
||
plugin: calico
|
||
#add by zxc@241129
|
||
# calico_network_provider:
|
||
# ipip:
|
||
# mode: cross-subnet
|
||
# interface: ens160
|
||
tolerations:
|
||
- key: "node.kubernetes.io/unreachable"
|
||
operator: "Exists"
|
||
effect: "NoExecute"
|
||
tolerationseconds: 300
|
||
- key: "node.kubernetes.io/not-ready"
|
||
operator: "Exists"
|
||
effect: "NoExecute"
|
||
tolerationseconds: 300
|
||
|
||
# Specify DNS provider (coredns or kube-dns)
|
||
dns:
|
||
provider: coredns
|
||
nodelocal: {}
|
||
tolerations:
|
||
- key: "node.kubernetes.io/unreachable"
|
||
operator: "Exists"
|
||
effect: "NoExecute"
|
||
tolerationseconds: 300
|
||
- key: "node.kubernetes.io/not-ready"
|
||
operator: "Exists"
|
||
effect: "NoExecute"
|
||
tolerationseconds: 300
|
||
|
||
ingress:
|
||
provider: nginx
|
||
default_backend: true
|
||
http_port: 0
|
||
https_port: 0
|
||
extra_envs:
|
||
- name: TZ
|
||
value: Asia/Shanghai
|
||
node_selector:
|
||
ingress-deploy: true
|
||
options:
|
||
use-forwarded-headers: "true"
|
||
|
||
private_registries:
|
||
- url: 10.215.66.85:8033 # 私有镜像库地址
|
||
user: admin
|
||
password: "Test@2"
|
||
is_default: true
|
||
#注:nodes:ip改为master及worker的ip
|
||
#authentication:ip改为master的ip
|
||
#private_registries:ip改为master的ip
|