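---
# RKE cluster definition: node inventory, SSH access, Kubernetes version and
# per-service options. One entry per line is restored here; collapsed onto a
# single line, everything after the first `#` is read as a comment and the
# leading `nodes: - address: ...` run is not valid YAML.

# Three nodes. All carry the controlplane and etcd roles; k8s-2 and k8s-3
# additionally schedule workloads (worker), so user pods share hosts with
# the control plane and etcd on those two machines.
nodes:
  - address: k8s-1.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
  - address: k8s-2.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker
  - address: k8s-3.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker

# Authenticate to the nodes through the operator's running SSH agent.
ssh_agent_auth: true

cluster_name: chaoscluster

# NOTE(review): pinned release. Confirm this version still receives security
# fixes before reusing the file.
kubernetes_version: v1.13.5-rancher1-2

services:
  # No etcd overrides are set in this file.
  etcd:
  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 10.43.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-32767
    # NOTE(review): pod security policies are off, so pod specs (privileged
    # containers, host namespaces, hostPath mounts) are not restricted by
    # policy at admission. RKE needs `authorization.mode: rbac` before this
    # can be set to true.
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    # NOTE(review): the audit-log setting below is commented out, so this file
    # does not turn on API server audit logging.
    #extra_args:
    #  # Enable audit log to stdout
    #  audit-log-path: "-"
  # Note for Rancher 2 users: If you are configuring Cluster Options using a
  # Config File when creating Rancher Launched Kubernetes, the names of
  # services should contain underscores only: `kube_controller`. This only
  # applies to Rancher v2.0.5 and v2.0.6.
  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 10.42.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 10.43.0.0/16
  kubelet:
    # Base domain for the cluster
    cluster_domain: k8s.hq.c3d2.de
    # IP address for the DNS service endpoint
    # (lies inside service_cluster_ip_range above)
    cluster_dns_server: 10.43.0.10
    # Fail if swap is on
    # (false: the kubelet is allowed to start on hosts with swap enabled)
    fail_swap_on: false
    # Set max pods to 250 instead of default 110
    extra_args:
      max-pods: 250
    # Optionally define additional volume binds to a service
    #extra_binds:
    #  - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"

# Currently, only authentication strategy supported is x509.
# You can optionally create additional SANs (hostnames or IPs) to add to
# the API server PKI certificate.
# This is useful if you want to use a load balancer for the control plane servers.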
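# API server authentication. The SANs listed here are added to the API server
# certificate, so clients can validate it when connecting through any of
# these names or addresses.
authentication:
  strategy: x509
  sans:
    - "k8s.hq.c3d2.de"
    - "172.22.99.13"
    - "172.22.99.15"
    - "172.22.99.16"

# Kubernetes Authorization mode
# Use `mode: rbac` to enable RBAC
# Use `mode: none` to disable authorization
# NOTE(review): authorization is disabled here. Once a request authenticates,
# nothing limits what it may do: every client certificate and every service
# account token has full access to every resource, including secrets.
# `mode: rbac` is the setting to use for anything beyond a disposable lab
# cluster; existing workloads then need explicit roles and bindings.
authorization:
  mode: none

# Add-ons are deployed using kubernetes jobs. RKE will give up on trying to
# get the job status after this timeout in seconds.
addon_job_timeout: 30

# Currently only nginx ingress provider is supported.
# To disable ingress controller, set `provider: none`
ingress:
  provider: nginx

# All add-on manifests MUST specify a namespace
# NOTE(review): the sample Pod below uses `image: nginx` with no tag or
# digest, so the image that runs depends on what the registry serves at pull
# time. It is also created in the `default` namespace. Pin the image and use
# a dedicated namespace if this add-on is kept.
addons: |-
  ---
  apiVersion: v1
  kind: Pod
  metadata:
    name: my-nginx
    namespace: default
  spec:
    containers:
      - name: my-nginx
        image: nginx
        ports:
          - containerPort: 80

# NOTE(review): the URLs below track the `master` branch, so their content can
# change between cluster runs. If enabled, point them at a tag or commit and
# review the manifests, since add-ons are applied to the cluster by RKE.
# addons_include:
#   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
#   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
#   - /path/to/manifest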