|
@@ -0,0 +1,105 @@
|
|
1
|
+nodes:
|
|
2
|
+ - address: k8s-1.hq.c3d2.de
|
|
3
|
+ user: ubuntu
|
|
4
|
+ role:
|
|
5
|
+ - controlplane
|
|
6
|
+ - etcd
|
|
7
|
+ - address: k8s-2.hq.c3d2.de
|
|
8
|
+ user: ubuntu
|
|
9
|
+ role:
|
|
10
|
+ - controlplane
|
|
11
|
+ - etcd
|
|
12
|
+ - worker
|
|
13
|
+ - address: k8s-3.hq.c3d2.de
|
|
14
|
+ user: ubuntu
|
|
15
|
+ role:
|
|
16
|
+ - controlplane
|
|
17
|
+ - etcd
|
|
18
|
+ - worker
|
|
19
|
+
|
|
20
|
+ssh_agent_auth: true
|
|
21
|
+cluster_name: chaoscluster
|
|
22
|
+kubernetes_version: v1.13.5-rancher1-2
|
|
23
|
+
|
|
24
|
+services:
|
|
25
|
+ etcd:
|
|
26
|
+
|
|
27
|
+ kube-api:
|
|
28
|
+ # IP range for any services created on Kubernetes
|
|
29
|
+ # This must match the service_cluster_ip_range in kube-controller
|
|
30
|
+ service_cluster_ip_range: 10.43.0.0/16
|
|
31
|
+ # Expose a different port range for NodePort services
|
|
32
|
+ service_node_port_range: 30000-32767
|
|
33
|
+ pod_security_policy: false
|
|
34
|
+ # Add additional arguments to the kubernetes API server
|
|
35
|
+ # This WILL OVERRIDE any existing defaults
|
|
36
|
+ #extra_args:
|
|
37
|
+ # # Enable audit log to stdout
|
|
38
|
+ # audit-log-path: "-"
|
|
39
|
+ # Note for Rancher 2 users: If you are configuring Cluster Options using a Config File when creating Rancher Launched Kubernetes, the names of services should contain underscores only: `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6.
|
|
40
|
+ kube-controller:
|
|
41
|
+ # CIDR pool used to assign IP addresses to pods in the cluster
|
|
42
|
+ cluster_cidr: 10.42.0.0/16
|
|
43
|
+ # IP range for any services created on Kubernetes
|
|
44
|
+ # This must match the service_cluster_ip_range in kube-api
|
|
45
|
+ service_cluster_ip_range: 10.43.0.0/16
|
|
46
|
+ kubelet:
|
|
47
|
+ # Base domain for the cluster
|
|
48
|
+ cluster_domain: k8s.hq.c3d2.de
|
|
49
|
+ # IP address for the DNS service endpoint
|
|
50
|
+ cluster_dns_server: 10.43.0.10
|
|
51
|
+ # Fail if swap is on
|
|
52
|
+ fail_swap_on: false
|
|
53
|
+ # Set max pods to 250 instead of default 110
|
|
54
|
+ extra_args:
|
|
55
|
+ max-pods: 250
|
|
56
|
+ # Optionally define additional volume binds to a service
|
|
57
|
+ #extra_binds:
|
|
58
|
+ # - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"
|
|
59
|
+
|
|
60
|
+# Currently, only authentication strategy supported is x509.
|
|
61
|
+# You can optionally create additional SANs (hostnames or IPs) to add to
|
|
62
|
+# the API server PKI certificate.
|
|
63
|
+# This is useful if you want to use a load balancer for the control plane servers.
|
|
64
|
+authentication:
|
|
65
|
+ strategy: x509
|
|
66
|
+ sans:
|
|
67
|
+ - "k8s.hq.c3d2.de"
|
|
68
|
+ - "172.22.99.13"
|
|
69
|
+ - "172.22.99.15"
|
|
70
|
+ - "172.22.99.16"
|
|
71
|
+
|
|
72
|
+# Kubernetes Authorization mode
|
|
73
|
+# Use `mode: rbac` to enable RBAC
|
|
74
|
+# Use `mode: none` to disable authorization
|
|
75
|
+authorization:
|
|
76
|
+ mode: none
|
|
77
|
+
|
|
78
|
+# Add-ons are deployed using kubernetes jobs. RKE will give up on trying to get the job status after this timeout in seconds..
|
|
79
|
+addon_job_timeout: 30
|
|
80
|
+
|
|
81
|
+# Currently only nginx ingress provider is supported.
|
|
82
|
+# To disable ingress controller, set `provider: none`
|
|
83
|
+
|
|
84
|
+ingress:
|
|
85
|
+ provider: nginx
|
|
86
|
+
|
|
87
|
+# All add-on manifests MUST specify a namespace
|
|
88
|
+addons: |-
|
|
89
|
+ ---
|
|
90
|
+ apiVersion: v1
|
|
91
|
+ kind: Pod
|
|
92
|
+ metadata:
|
|
93
|
+ name: my-nginx
|
|
94
|
+ namespace: default
|
|
95
|
+ spec:
|
|
96
|
+ containers:
|
|
97
|
+ - name: my-nginx
|
|
98
|
+ image: nginx
|
|
99
|
+ ports:
|
|
100
|
+ - containerPort: 80
|
|
101
|
+
|
|
102
|
+# addons_include:
|
|
103
|
+# - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
|
|
104
|
+# - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
|
|
105
|
+# - /path/to/manifest
|
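Review bot: `authorization: mode: none` (new line 76) ships this cluster with authorization disabled, as the comment directly above it states, so any client holding a valid x509 credential or a service-account token is not restricted in what it can do through the API server. I would change the line to `mode: rbac` and grant the roles that are actually needed. The same file leaves `pod_security_policy: false` (line 33) and keeps the `audit-log-path` example commented out (lines 36-38), so as written there is neither an admission-side limit on pods nor an API audit trail; both are worth revisiting once RBAC is enabled. The `addons` block (lines 88-100) looks like it was carried over from the sample config: it deploys `my-nginx` into `default` from the untagged `image: nginx`, which should be dropped or pinned to a specific tag or digest if it is really wanted.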