nix-config/kubernetes/cluster.yml


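# Cluster nodes. RKE connects to each address over SSH as `user`.
# NOTE(review): RKE needs this user to be able to talk to the Docker daemon,
# which is effectively root on the host - treat the `ubuntu` account and the
# SSH keys that can log in to it as cluster-admin credentials.
nodes:
  # k8s-1 carries control plane and etcd only (no `worker` role).
  - address: k8s-1.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
  # k8s-2 and k8s-3 also schedule workloads, so application pods share a
  # host with the API server and etcd on these two nodes.
  - address: k8s-2.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker
  - address: k8s-3.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker
# Authenticate to the nodes through the operator's running SSH agent instead
# of a key file referenced from this config.
ssh_agent_auth: true
cluster_name: chaoscluster
# NOTE(review): Kubernetes 1.13 no longer receives upstream security fixes;
# plan an upgrade to a release line that RKE and upstream still maintain.
kubernetes_version: v1.13.5-rancher1-2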
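services:
  # No overrides: RKE defaults apply to etcd.
  etcd: {}
  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 10.43.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-32767
    # PodSecurityPolicy admission is off, so pod specs are not restricted by
    # policy (privileged containers, host mounts and host networking are all
    # accepted).
    # NOTE(review): enabling this in RKE is expected to require
    # `authorization.mode: rbac` - confirm against the RKE docs for this
    # version before switching it on.
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    # NOTE(review): with the block below commented out, no API audit log is
    # configured here, so there is no request trail to investigate from.
    # Enabling it and shipping the output to central logging is recommended.
    #extra_args:
    #  # Enable audit log to stdout
    #  audit-log-path: "-"
  # Note for Rancher 2 users: If you are configuring Cluster Options using a
  # Config File when creating Rancher Launched Kubernetes, the names of
  # services should contain underscores only: `kube_controller`. This only
  # applies to Rancher v2.0.5 and v2.0.6.
  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 10.42.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 10.43.0.0/16
  kubelet:
    # Base domain for the cluster
    cluster_domain: k8s.hq.c3d2.de
    # IP address for the DNS service endpoint
    cluster_dns_server: 10.43.0.10
    # Whether the kubelet refuses to start when swap is enabled.
    # `false` here means the kubelet starts even if the node has swap on.
    fail_swap_on: false
    # Set max pods to 250 instead of default 110
    extra_args:
      max-pods: 250
    # Optionally define additional volume binds to a service
    #extra_binds:
    #  - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"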
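# Currently, only authentication strategy supported is x509.
# You can optionally create additional SANs (hostnames or IPs) to add to
# the API server PKI certificate.
# This is useful if you want to use a load balancer for the control plane
# servers.
# Every name or IP listed under `sans` becomes an identity the API server
# certificate is valid for, so keep the list to addresses that really front
# the control plane.
authentication:
  strategy: x509
  sans:
    - "k8s.hq.c3d2.de"
    - "172.22.99.13"
    - "172.22.99.15"
    - "172.22.99.16"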
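# Kubernetes Authorization mode
# Use `mode: rbac` to enable RBAC
# Use `mode: none` to disable authorization
#
# NOTE(review): `none` means the API server does not authorize requests.
# Any client that authenticates - a holder of a valid x509 client
# certificate, or any pod using its mounted service-account token - is
# allowed every API operation, including reading Secrets cluster-wide.
# Namespaces give no isolation in this mode. Moving to `mode: rbac` is
# strongly recommended; audit what existing workloads call on the API first,
# because they will need explicit Role/ClusterRole bindings afterwards.
authorization:
  mode: none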
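# Add-ons are deployed using kubernetes jobs. RKE will give up on trying to
# get the job status after this timeout in seconds.
addon_job_timeout: 30
# Currently only nginx ingress provider is supported.
# To disable ingress controller, set `provider: none`
ingress:
  provider: nginx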
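# All add-on manifests MUST specify a namespace
# The manifest below is embedded as a literal block scalar, so its lines must
# stay indented under `addons:`; at column 0 the `---` would end this
# document instead of being part of the add-on.
# NOTE(review): `image: nginx` has no tag or digest, so the node pulls
# whatever the registry serves as the default tag at that moment. Pin a
# specific tag or an image digest so the deployed content is reproducible
# and reviewable.
addons: |-
  ---
  apiVersion: v1
  kind: Pod
  metadata:
    name: my-nginx
    namespace: default
  spec:
    containers:
      - name: my-nginx
        image: nginx
        ports:
          - containerPort: 80
# NOTE(review): the URLs below track the `master` branch, so their content
# can change without any change to this file. Before enabling them, pin each
# URL to a release tag or commit and review the manifest, or vendor a local
# copy - these manifests are applied to the cluster by the add-on job.
# addons_include:
#   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
#   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
#   - /path/to/manifest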