完整文件示例

    1. nodes:
    2.   - address: 1.1.1.1
    3.     user: ubuntu
    4.     role:
    5.       - controlplane
    6.       - etcd
    7.     ssh_key_path: /home/user/.ssh/id_rsa
    8.     port: 2222
    9.   - address: 2.2.2.2
    10.     user: ubuntu
    11.     role:
    12.       - worker
    13.     ssh_key: |-
    14.       -----BEGIN RSA PRIVATE KEY-----
    16.       -----END RSA PRIVATE KEY-----
    17.   - address: example.com
    18.     user: ubuntu
    19.     role:
    20.       - worker
    21.     hostname_override: node3
    22.     internal_address: 192.168.1.6
    23.     labels:
    24.       app: ingress
    26. # 默认值为false,如果设置为true,当发现不支持的Docker版本时,RKE不会报错
    27. ignore_docker_version: false
    29. # 集群级SSH私钥,如果没有为节点设置ssh信息则使用该私钥
    30. ssh_key_path: ~/.ssh/test
    32. # 启用SSH代理,使用带有密码的SSH私钥
    33. # 这需要配置环境`SSH_AUTH_SOCK`,指向已添加私钥的SSH代理
    34. ssh_agent_auth: true
    36. # 镜像仓库凭证列表
    37. # 如果你使用的是Docker Hub注册表,
    38. # 你可以省略`url`
    39. # 或者设置为`docker.io`is_default设置为`true`
    40. # 将覆盖全局设置中设置的系统默认注册表
    41. private_registries:
    42.   - url: registry.com
    43.     user: Username # 请替换为真实的用户名
    44.     password: password # 请替换为真实的密码
    45.     is_default: true
    47. # 堡垒机配置
    48. bastion_host:
    49.   address: x.x.x.x
    50.   user: ubuntu
    51.   port: 22
    52.   ssh_key_path: /home/user/.ssh/bastion_rsa
    53. # or
    54. #   ssh_key: |-
    55. #     -----BEGIN RSA PRIVATE KEY-----
    56. #
    57. #     -----END RSA PRIVATE KEY-----
    59. # Set the name of the Kubernetes cluster
    60. cluster_name: mycluster
    62. # The Kubernetes version used. The default versions of Kubernetes
    63. # are tied to specific versions of the system images.
    64. #
    65. # For RKE v0.2.x and below, the map of Kubernetes versions and their system images is
    66. # located here:
    67. # https://github.com/rancher/types/blob/release/v2.2/apis/management.cattle.io/v3/k8s_defaults.go
    68. #
    69. # For RKE v0.3.0 and above, the map of Kubernetes versions and their system images is
    70. # located here:
    71. # https://github.com/rancher/kontainer-driver-metadata/blob/master/rke/k8s_rke_system_images.go
    72. #
    73. # In case the kubernetes_version and kubernetes image in
    75. kubernetes_version: v1.10.3-rancher2
    77. # System Images are defaulted to a tag that is mapped to a specific
    78. # Kubernetes Version and not required in a cluster.yml.
    79. # Each individual system image can be specified if you want to use a different tag.
    80. #
    81. # For RKE v0.2.x and below, the map of Kubernetes versions and their system images is
    82. # located here:
    83. # https://github.com/rancher/types/blob/release/v2.2/apis/management.cattle.io/v3/k8s_defaults.go
    84. #
    85. # For RKE v0.3.0 and above, the map of Kubernetes versions and their system images is
    86. # located here:
    87. # https://github.com/rancher/kontainer-driver-metadata/blob/master/rke/k8s_rke_system_images.go
    88. #
    89. system_images:
    90.   kubernetes: rancher/hyperkube:v1.10.3-rancher2
    91.   etcd: rancher/coreos-etcd:v3.1.12
    92.   alpine: rancher/rke-tools:v0.1.9
    93.   nginx_proxy: rancher/rke-tools:v0.1.9
    94.   cert_downloader: rancher/rke-tools:v0.1.9
    95.   kubernetes_services_sidecar: rancher/rke-tools:v0.1.9
    96.   kubedns: rancher/k8s-dns-kube-dns-amd64:1.14.8
    97.   dnsmasq: rancher/k8s-dns-dnsmasq-nanny-amd64:1.14.8
    98.   kubedns_sidecar: rancher/k8s-dns-sidecar-amd64:1.14.8
    99.   kubedns_autoscaler: rancher/cluster-proportional-autoscaler-amd64:1.0.0
    100.   pod_infra_container: rancher/pause-amd64:3.1
    102. services:
    103.   etcd:
    104.   # if external etcd is used
    105.   # path: /etcdcluster
    106.   # external_urls:
    107.   #   - https://etcd-example.com:2379
    108.   # ca_cert: |-
    109.   #   -----BEGIN CERTIFICATE-----
    110.   #   xxxxxxxxxx
    111.   #   -----END CERTIFICATE-----
    112.   # cert: |-
    113.   #   -----BEGIN CERTIFICATE-----
    114.   #   xxxxxxxxxx
    115.   #   -----END CERTIFICATE-----
    116.   # key: |-
    117.   #   -----BEGIN PRIVATE KEY-----
    118.   #   xxxxxxxxxx
    119.   #   -----END PRIVATE KEY-----
    120.   # Note for Rancher v2.0.5 and v2.0.6 users: If you are configuring
    121.   # Cluster Options using a Config File when creating Rancher Launched
    122.   # Kubernetes, the names of services should contain underscores
    123.   # only: `kube_api`.
    124.   kube-api:
    125.     # IP range for any services created on Kubernetes
    126.     # This must match the service_cluster_ip_range in kube-controller
    127.     service_cluster_ip_range: 10.43.0.0/16
    128.     # Expose a different port range for NodePort services
    129.     service_node_port_range: 30000-32767
    130.     pod_security_policy: false
    131.     # Add additional arguments to the kubernetes API server
    132.     # This WILL OVERRIDE any existing defaults
    133.     extra_args:
    134.       # Enable audit log to stdout
    135.       audit-log-path: "-"
    136.       # Increase number of delete workers
    137.       delete-collection-workers: 3
    138.       # Set the level of log output to debug-level
    139.       v: 4
    140.   # Note for Rancher 2 users: If you are configuring Cluster Options
    141.   # using a Config File when creating Rancher Launched Kubernetes,
    142.   # the names of services should contain underscores only:
    143.   # `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6.
    144.   kube-controller:
    145.     # CIDR pool used to assign IP addresses to pods in the cluster
    146.     cluster_cidr: 10.42.0.0/16
    147.     # IP range for any services created on Kubernetes
    149.   kubelet:
    150.     # Base domain for the cluster
    151.     cluster_domain: cluster.local
    152.     # IP address for the DNS service endpoint
    153.     cluster_dns_server: 10.43.0.10
    154.     # Fail if swap is on
    155.     fail_swap_on: false
    156.     # Set max pods to 250 instead of default 110
    157.     extra_args:
    158.       max-pods: 250
    159.     # Optionally define additional volume binds to a service
    160.     extra_binds:
    161.       - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"
    163. # Currently, only authentication strategy supported is x509.
    164. # You can optionally create additional SANs (hostnames or IPs) to
    165. # add to the API server PKI certificate.
    166. # This is useful if you want to use a load balancer for the
    167. # control plane servers.
    168. authentication:
    169.   strategy: x509
    170.   sans:
    171.     - "10.18.160.10"
    172.     - "my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com"
    174. # Kubernetes Authorization mode
    175. # Use `mode: rbac` to enable RBAC
    176. # Use `mode: none` to disable authorization
    177. authorization:
    178.   mode: rbac
    180. # If you want to set a Kubernetes cloud provider, you specify
    181. # the name and configuration
    182. cloud_provider:
    183.   name: aws
    185. # Add-ons are deployed using kubernetes jobs. RKE will give
    186. # up on trying to get the job status after this timeout in seconds..
    187. addon_job_timeout: 30
    189. # Specify network plugin-in (canal, calico, flannel, weave, or none)
    190. network:
    191.   plugin: canal
    193. # Specify DNS provider (coredns or kube-dns)
    194. dns:
    195.   provider: coredns
    197. # Currently only nginx ingress provider is supported.
    198. # To disable ingress controller, set `provider: none`
    199. # `node_selector` controls ingress placement and is optional
    200. ingress:
    201.   provider: nginx
    202.   node_selector:
    203.     app: ingress
    205. # All add-on manifests MUST specify a namespace
    206. addons: |-
    207.   ---
    208.   apiVersion: v1
    209.   kind: Pod
    210.   metadata:
    211.     name: my-nginx
    212.     namespace: default
    213.   spec:
    214.     containers:
    215.     - name: my-nginx
    216.       image: nginx
    217.       ports:
    218.       - containerPort: 80
    220. addons_include:
    221.   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml