# RKE cluster configuration for the `chaoscluster` cluster: three nodes,
# x509 client authentication, an nginx ingress controller and one inline
# add-on manifest.
nodes:
  # k8s-1 carries control plane and etcd only; k8s-2 and k8s-3 also run
  # workloads (`worker`), so control-plane and etcd processes share those
  # hosts with application pods.
  - address: k8s-1.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
  - address: k8s-2.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker
  - address: k8s-3.hq.c3d2.de
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker

# SSH to the nodes authenticates through the operator's local SSH agent,
# so no private key path is stored in this file.
ssh_agent_auth: true
cluster_name: chaoscluster
# NOTE(review): Kubernetes 1.13 is past upstream end of life and no longer
# receives security fixes; plan an upgrade path for this pin.
kubernetes_version: v1.13.5-rancher1-2

services:
  # Left empty: no etcd options are overridden here.
  etcd:

  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 10.43.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-32767
    # NOTE(review): with this off, no PodSecurityPolicy admission restricts
    # what pods may request (privileged mode, host paths, host network).
    # Presumably enabling it also requires `authorization.mode: rbac` --
    # confirm against the RKE documentation for this version.
    pod_security_policy: false
    # Add additional arguments to the kubernetes API server
    # This WILL OVERRIDE any existing defaults
    # NOTE(review): the audit-log setting below is commented out, so this
    # file configures no API audit log; API activity is not recorded by
    # anything set here.
    #extra_args:
    #  # Enable audit log to stdout
    #  audit-log-path: "-"
  # Note for Rancher 2 users: If you are configuring Cluster Options using a
  # Config File when creating Rancher Launched Kubernetes, the names of
  # services should contain underscores only: `kube_controller`. This only
  # applies to Rancher v2.0.5 and v2.0.6.
  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 10.42.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 10.43.0.0/16
  kubelet:
    # Base domain for the cluster
    cluster_domain: k8s.hq.c3d2.de
    # IP address for the DNS service endpoint
    # (lies inside service_cluster_ip_range above)
    cluster_dns_server: 10.43.0.10
    # Whether the kubelet refuses to start when swap is enabled on the node;
    # `false` lets it run with swap on.
    fail_swap_on: false
    # Set max pods to 250 instead of default 110
    extra_args:
      max-pods: 250
    # Optionally define additional volume binds to a service
    #extra_binds:
    #  - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"

# Currently, only authentication strategy supported is x509.
# You can optionally create additional SANs (hostnames or IPs) to add to
# the API server PKI certificate.
# This is useful if you want to use a load balancer for the control plane servers.
authentication:
  strategy: x509
  sans:
    - "k8s.hq.c3d2.de"
    - "172.22.99.13"
    - "172.22.99.15"
    - "172.22.99.16"

# Kubernetes Authorization mode
# Use `mode: rbac` to enable RBAC
# Use `mode: none` to disable authorization
# NOTE(review): `none` means authorization is disabled, so any request that
# authenticates -- every client certificate and, presumably, every pod
# service-account token -- is allowed every API operation. x509
# authentication is then the only access control on the API server.
# Switching to `rbac` needs role bindings prepared for existing users and
# workloads first.
authorization:
  mode: none

# Add-ons are deployed using kubernetes jobs. RKE will give up on trying to
# get the job status after this timeout in seconds.
addon_job_timeout: 30

# Currently only nginx ingress provider is supported.
# To disable ingress controller, set `provider: none`

ingress:
  provider: nginx

# All add-on manifests MUST specify a namespace
# NOTE(review): the embedded Pod uses `image: nginx` with no tag or digest,
# so which image runs depends on what the registry serves at pull time; it
# also lands in the `default` namespace. Pin the image by digest if this
# add-on is kept.
addons: |-
  ---
  apiVersion: v1
  kind: Pod
  metadata:
    name: my-nginx
    namespace: default
  spec:
    containers:
    - name: my-nginx
      image: nginx
      ports:
      - containerPort: 80

# NOTE(review): the URLs below are disabled; they track the `master` branch,
# so if they are enabled the fetched manifests can change between runs.
# Prefer a tag or commit reference, or a reviewed local copy.
# addons_include:
#   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
#   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
#   - /path/to/manifest