CmiiDeploy/42-202411-山东二级平台/rke-cluster.yml

nodes:
  - address: 134.80.124.6
    user: root
    role:
      - controlplane
      - etcd
      - worker
    internal_address: 134.80.124.6
    labels:
      ingress-deploy: true
  - address: 134.80.124.7
    user: root
    role:
      - controlplane
      - etcd
      - worker
    internal_address: 134.80.124.7
    labels:
      ingress-deploy: true
  - address: 134.80.124.8
    user: root
    role:
      - controlplane
      - etcd
      - worker
    internal_address: 134.80.124.8
    labels:
      ingress-deploy: true
  - address: 134.80.124.9
    user: root
    role:
      - worker
    internal_address: 134.80.124.9
    labels:
      uavcloud.env: sdejpt
  - address: 134.80.124.10
    user: root
    role:
      - worker
    internal_address: 134.80.124.10
    labels:
      uavcloud.env: sdejpt
  - address: 134.80.124.11
    user: root
    role:
      - worker
    internal_address: 134.80.124.11
    labels:
      uavcloud.env: sdejpt
  - address: 134.80.124.12
    user: root
    role:
      - worker
    internal_address: 134.80.124.12
    labels:
      uavcloud.env: sdejpt
  - address: 134.80.124.13
    user: root
    role:
      - worker
    internal_address: 134.80.124.13
    labels:
      uavcloud.env: sdejpt
  - address: 134.80.124.14
    user: root
    role:
      - worker
    internal_address: 134.80.124.14
    labels:
      uavcloud.env: sdejpt
  - address: 134.80.124.19
    user: root
    role:
      - worker
    internal_address: 134.80.124.119
    labels:
      mysql-deploy: master
  - address: 134.80.124.20
    user: root
    role:
      - worker
    internal_address: 134.80.124.20
    labels:
      mysql-deploy: replication


authenticaion:
  strategy: x509
  sans:
    - "134.80.124.6"
    - "134.80.124.7"
    - "134.80.124.8"

private_registries:
  - url: 134.80.124.7:8033 # 私有镜像库地址
    user: admin
    password: "V2ryStr@ngPss"
    is_default: true

##############################################################################

# 默认值为false，如果设置为true，当发现不支持的Docker版本时，RKE不会报错
ignore_docker_version: true

# Set the name of the Kubernetes cluster
cluster_name: rke-cluster

kubernetes_version: v1.20.4-rancher1-1

ssh_key_path: /root/.ssh/id_ed25519
#ssh_key_path: /root/.ssh/id_rsa

# Enable running cri-dockerd
# Up to Kubernetes 1.23, kubelet contained code called dockershim
# to support Docker runtime. The replacement is called cri-dockerd
# and should be enabled if you want to keep using Docker as your
# container runtime
# Only available to enable in Kubernetes 1.21 and higher
enable_cri_dockerd: true

services:
  etcd:
    backup_config:
      enabled: false
      interval_hours: 72
      retention: 3
      safe_timestamp: false
      timeout: 300
    creation: 12h
    extra_args:
        election-timeout: 5000
        heartbeat-interval: 500
    gid: 0
    retention: 72h
    snapshot: false
    uid: 0

  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 172.24.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-40000
    always_pull_images: true
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Enable audit log to stdout
      audit-log-path: "-"
      # Increase number of delete workers
      delete-collection-workers: 3
      # Set the level of log output to warning-level
      v: 1
  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 172.28.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 172.24.0.0/16
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    extra_args:
      # Set the level of log output to debug-level
      v: 1
      # Enable RotateKubeletServerCertificate feature gate
      feature-gates: RotateKubeletServerCertificate=true
      # Enable TLS Certificates management
      # https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
      cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
      cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"
  kubelet:
    # Base domain for the cluster
    cluster_domain: cluster.local
    # IP address for the DNS service endpoint
    cluster_dns_server: 172.24.0.10
    # Fail if swap is on
    fail_swap_on: false
    # Set max pods to 250 instead of default 110
    extra_binds:
      - "/data/minio-pv:/hostStorage" # 不要修改 为minio的pv添加
    extra_args:
      max-pods: 122
    # Optionally define additional volume binds to a service
  scheduler:
    extra_args:
      # Set the level of log output to warning-level
      v: 0
  kubeproxy:
    extra_args:
      # Set the level of log output to warning-level
      v: 1

authorization:
  mode: rbac

addon_job_timeout: 30

# Specify network plugin-in (canal, calico, flannel, weave, or none)
network:
  options:
    flannel_backend_type: vxlan
    flannel_iface: ens34
    flannel_autoscaler_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
    flannel_priority_class_name: system-cluster-critical # Available as of RKE v1.2.6+
  plugin: calico

# Specify DNS provider (coredns or kube-dns)
dns:
  provider: coredns
  nodelocal: {}
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 20%
      maxSurge: 15%
    linear_autoscaler_params:
      cores_per_replica: 0.34
      nodes_per_replica: 4
      prevent_single_point_failure: true
      min: 2
      max: 3

# Specify monitoring provider (metrics-server)
monitoring:
  provider: metrics-server
  # Available as of v1.1.0
  update_strategy:
    strategy: RollingUpdate
    rollingUpdate:
      maxUnavailable: 8

ingress:
  provider: nginx
  default_backend: true
  http_port: 0
  https_port: 0
  extra_envs:
    - name: TZ
      value: Asia/Shanghai
  node_selector:
    ingress-deploy: true
  options:
    use-forwarded-headers: "true"
    access-log-path: /var/log/nginx/access.log
    client-body-timeout: '6000'
    compute-full-forwarded-for: 'true'
    enable-underscores-in-headers: 'true'
    log-format-escape-json: 'true'
    log-format-upstream: >-
      { "msec": "$msec", "connection": "$connection", "connection_requests":
      "$connection_requests", "pid": "$pid", "request_id": "$request_id",
      "request_length": "$request_length", "remote_addr": "$remote_addr",
      "remote_user": "$remote_user", "remote_port": "$remote_port",
      "http_x_forwarded_for": "$http_x_forwarded_for", "time_local":
      "$time_local", "time_iso8601": "$time_iso8601", "request": "$request",
      "request_uri": "$request_uri", "args": "$args", "status": "$status",
      "body_bytes_sent": "$body_bytes_sent", "bytes_sent": "$bytes_sent",
      "http_referer": "$http_referer", "http_user_agent": "$http_user_agent",
      "http_host": "$http_host", "server_name": "$server_name", "request_time":
      "$request_time", "upstream": "$upstream_addr", "upstream_connect_time":
      "$upstream_connect_time", "upstream_header_time": "$upstream_header_time",
      "upstream_response_time": "$upstream_response_time",
      "upstream_response_length": "$upstream_response_length",
      "upstream_cache_status": "$upstream_cache_status", "ssl_protocol":
      "$ssl_protocol", "ssl_cipher": "$ssl_cipher", "scheme": "$scheme",
      "request_method": "$request_method", "server_protocol": "$server_protocol",
      "pipe": "$pipe", "gzip_ratio": "$gzip_ratio", "http_cf_ray": "$http_cf_ray",
      "geoip_country_code": "$geoip_country_code" }
    proxy-body-size: 5120m
    proxy-read-timeout: '6000'
    proxy-send-timeout: '6000'