258 lines
6.6 KiB
YAML
258 lines
6.6 KiB
YAML
nodes:
|
||
- address: 192.168.10.3
|
||
user: root
|
||
port: 2202
|
||
role:
|
||
- controlplane
|
||
- etcd
|
||
- worker
|
||
internal_address: 192.168.10.3
|
||
labels:
|
||
ingress-deploy: true
|
||
- address: 192.168.10.4
|
||
user: root
|
||
port: 2202
|
||
role:
|
||
- worker
|
||
internal_address: 192.168.10.4
|
||
labels:
|
||
ingress-deploy: true
|
||
mysql-deploy: true
|
||
uavcloud.env: zjyd
|
||
- address: 192.168.10.5
|
||
user: root
|
||
port: 2202
|
||
role:
|
||
- worker
|
||
internal_address: 192.168.10.5
|
||
labels:
|
||
ingress-deploy: true
|
||
uavcloud.env: zjyd
|
||
- address: 192.168.10.6
|
||
user: root
|
||
port: 2202
|
||
role:
|
||
- worker
|
||
internal_address: 192.168.10.6
|
||
labels:
|
||
ingress-deploy: true
|
||
uavcloud.env: zjyd
|
||
- address: 192.168.10.2
|
||
user: root
|
||
port: 2202
|
||
role:
|
||
- worker
|
||
internal_address: 192.168.10.2
|
||
labels:
|
||
mongo.node: master
|
||
- address: 192.168.10.8
|
||
user: root
|
||
port: 2202
|
||
role:
|
||
- worker
|
||
internal_address: 192.168.10.8
|
||
labels:
|
||
uavcloud.env: zjyd
|
||
- address: 192.168.10.9
|
||
user: root
|
||
port: 2202
|
||
role:
|
||
- worker
|
||
internal_address: 192.168.10.9
|
||
labels:
|
||
redis.node: master
|
||
|
||
|
||
authentication:
|
||
strategy: x509
|
||
sans:
|
||
- "192.168.10.3"
|
||
|
||
private_registries:
|
||
- url: 192.168.10.3:8033 # 私有镜像库地址
|
||
user: admin
|
||
password: "V2ryStr@ngPss"
|
||
is_default: true
|
||
|
||
##############################################################################
|
||
|
||
# 默认值为false,如果设置为true,当发现不支持的Docker版本时,RKE不会报错
|
||
ignore_docker_version: true
|
||
|
||
# Set the name of the Kubernetes cluster
|
||
cluster_name: rke-cluster
|
||
|
||
kubernetes_version: v1.20.4-rancher1-1
|
||
|
||
ssh_key_path: /root/.ssh/id_ed25519
|
||
|
||
# Enable running cri-dockerd
|
||
# Up to Kubernetes 1.23, kubelet contained code called dockershim
|
||
# to support Docker runtime. The replacement is called cri-dockerd
|
||
# and should be enabled if you want to keep using Docker as your
|
||
# container runtime
|
||
# Only available to enable in Kubernetes 1.21 and higher
|
||
enable_cri_dockerd: true
|
||
|
||
|
||
services:
|
||
etcd:
|
||
backup_config:
|
||
enabled: false
|
||
interval_hours: 72
|
||
retention: 3
|
||
safe_timestamp: false
|
||
timeout: 300
|
||
creation: 12h
|
||
extra_args:
|
||
election-timeout: 5000
|
||
heartbeat-interval: 500
|
||
gid: 0
|
||
retention: 72h
|
||
snapshot: false
|
||
uid: 0
|
||
|
||
kube-api:
|
||
# IP range for any services created on Kubernetes
|
||
# This must match the service_cluster_ip_range in kube-controller
|
||
service_cluster_ip_range: 172.29.0.0/16
|
||
# Expose a different port range for NodePort services
|
||
service_node_port_range: 30000-40000
|
||
always_pull_images: true
|
||
pod_security_policy: false
|
||
# Add additional arguments to the kubernetes API server
|
||
# This WILL OVERRIDE any existing defaults
|
||
extra_args:
|
||
# Enable audit log to stdout
|
||
audit-log-path: "-"
|
||
# Increase number of delete workers
|
||
delete-collection-workers: 3
|
||
# Set the level of log output to warning-level
|
||
v: 0
|
||
# Using the EventRateLimit admission control enforces a limit on the number of events
|
||
# that the API Server will accept in a given time period
|
||
# Available as of v1.0.0
|
||
event_rate_limit:
|
||
enabled: false
|
||
configuration:
|
||
apiVersion: eventratelimit.admission.k8s.io/v1alpha1
|
||
kind: Configuration
|
||
limits:
|
||
- type: Server
|
||
qps: 6000
|
||
burst: 30000
|
||
kube-controller:
|
||
# CIDR pool used to assign IP addresses to pods in the cluster
|
||
cluster_cidr: 172.28.0.0/16
|
||
# IP range for any services created on Kubernetes
|
||
# This must match the service_cluster_ip_range in kube-api
|
||
service_cluster_ip_range: 172.29.0.0/16
|
||
# Add additional arguments to the kubernetes API server
|
||
# This WILL OVERRIDE any existing defaults
|
||
extra_args:
|
||
# Set the level of log output to debug-level
|
||
v: 1
|
||
# Enable RotateKubeletServerCertificate feature gate
|
||
feature-gates: RotateKubeletServerCertificate=true
|
||
# Enable TLS Certificates management
|
||
# https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
|
||
cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
|
||
cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
|
||
kubelet:
|
||
# Base domain for the cluster
|
||
cluster_domain: cluster.local
|
||
# IP address for the DNS service endpoint
|
||
cluster_dns_server: 172.29.0.10
|
||
# Fail if swap is on
|
||
fail_swap_on: false
|
||
# Set max pods to 250 instead of default 110
|
||
extra_binds:
|
||
- "/data/minio-pv:/hostStorage" # 不要修改 为minio的pv添加
|
||
extra_args:
|
||
max-pods: 162
|
||
# Optionally define additional volume binds to a service
|
||
scheduler:
|
||
extra_args:
|
||
# Set the level of log output to warning-level
|
||
v: 0
|
||
kubeproxy:
|
||
extra_args:
|
||
# Set the level of log output to warning-level
|
||
v: 0
|
||
|
||
authorization:
|
||
mode: rbac
|
||
|
||
addon_job_timeout: 30
|
||
|
||
network:
|
||
options:
|
||
flannel_backend_type: host-gw
|
||
flannel_iface: ens192
|
||
flannel_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
|
||
flannel_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
|
||
plugin: flannel
|
||
|
||
# Specify network plugin-in (canal, calico, flannel, weave, or none)
|
||
# network:
|
||
# mtu: 1440
|
||
# options:
|
||
# flannel_backend_type: vxlan
|
||
# plugin: calico
|
||
# tolerations:
|
||
# - key: "node.kubernetes.io/unreachable"
|
||
# operator: "Exists"
|
||
# effect: "NoExecute"
|
||
# tolerationseconds: 300
|
||
# - key: "node.kubernetes.io/not-ready"
|
||
# operator: "Exists"
|
||
# effect: "NoExecute"
|
||
# tolerationseconds: 300
|
||
|
||
# Specify DNS provider (coredns or kube-dns)
|
||
dns:
|
||
provider: coredns
|
||
nodelocal:
|
||
# Available as of v1.1.0
|
||
update_strategy:
|
||
strategy: RollingUpdate
|
||
rollingUpdate:
|
||
maxUnavailable: 20%
|
||
maxSurge: 15%
|
||
linear_autoscaler_params:
|
||
cores_per_replica: 0.34
|
||
nodes_per_replica: 4
|
||
prevent_single_point_failure: true
|
||
min: 2
|
||
max: 3
|
||
tolerations:
|
||
- key: "node.kubernetes.io/unreachable"
|
||
operator: "Exists"
|
||
effect: "NoExecute"
|
||
tolerationseconds: 300
|
||
- key: "node.kubernetes.io/not-ready"
|
||
operator: "Exists"
|
||
effect: "NoExecute"
|
||
tolerationseconds: 300
|
||
|
||
# Specify monitoring provider (metrics-server)
|
||
monitoring:
|
||
provider: metrics-server
|
||
# Available as of v1.1.0
|
||
update_strategy:
|
||
strategy: RollingUpdate
|
||
rollingUpdate:
|
||
maxUnavailable: 8
|
||
|
||
ingress:
|
||
provider: nginx
|
||
default_backend: true
|
||
http_port: 0
|
||
https_port: 0
|
||
extra_envs:
|
||
- name: TZ
|
||
value: Asia/Shanghai
|
||
node_selector:
|
||
ingress-deploy: true
|
||
options:
|
||
use-forwarded-headers: "true" |