Kubernetes initializes cluster configuration
By default, the RKE cluster parameter configuration is generated by default, and the user only needs to fill in IP
port
node type
.But in some advanced scenarios, users need to customize cluster parameters, such as modifying network plugin
Kubelet parameters
, etc. Custom RKE cluster parameter configuration will be useful to you.
In order to automate the configuration with best practice parameters, the user threshold is reduced.Please configure it with caution until you fully master the RKE configuration parameter configuration.
As shown in the figure above, when entering the Kubernetes cluster configuration page, click the red box to configure the Kubernetes cluster parameters.
The configuration example is as follows:
For more details, please refer to RKE official documentation
nodes:
- address: 192.168.3.169
port: "22"
internal_address: 192.168.3.169
role:
- etcd
- controlplane
- worker
hostname_override: ""
user: docker
docker_socket: ""
ssh_key: ""
ssh_key_path: ~/.ssh/id_rsa
ssh_cert: ""
ssh_cert_path: ""
labels: {}
# app: ingress
taints: []
# - key: test-key
# value: test-value
# effect: NoSchedule
# 检测docker版本,为false时如果docker版本RKE不支持则安装失败
ignore_docker_version: false
# 集群级密钥证书路径
ssh_key_path: ""
ssh_cert_path: ""
# Enable use of SSH agent to use SSH private keys with passphrase
# This requires the environment `SSH_AUTH_SOCK` configured pointing
# to your SSH agent which has the private key added
ssh_agent_auth: false
# 私有镜像仓库
private_registries:
- url: registry.com
user: Username
password: password
is_default: true
# 堡垒机/跳板机 配置
bastion_host:
address: x.x.x.x
user: docker
port: 22
ssh_key_path: /home/user/.ssh/bastion_rsa
# or
# ssh_key: |-
# -----BEGIN RSA PRIVATE KEY-----
#
# -----END RSA PRIVATE KEY-----
# 设置 Kubernetes 集群名称
cluster_name: mycluster
# Kubernetes 版本
kubernetes_version: ""
# 系统镜像
system_images:
etcd: ""
alpine: ""
nginx_proxy: ""
cert_downloader: ""
kubernetes_services_sidecar: ""
kubedns: ""
dnsmasq: ""
kubedns_sidecar: ""
kubedns_autoscaler: ""
coredns: ""
coredns_autoscaler: ""
nodelocal: ""
kubernetes: ""
flannel: ""
flannel_cni: ""
calico_node: ""
calico_cni: ""
calico_controllers: ""
calico_ctl: ""
calico_flexvol: ""
canal_node: ""
canal_cni: ""
canal_controllers: ""
canal_flannel: ""
canal_flexvol: ""
weave_node: ""
weave_cni: ""
pod_infra_container: ""
ingress: ""
ingress_backend: ""
metrics_server: ""
windows_pod_infra_container: ""
aci_cni_deploy_container: ""
aci_host_container: ""
aci_opflex_container: ""
aci_mcast_container: ""
aci_ovs_container: ""
aci_controller_container: ""
aci_gbp_server_container: ""
aci_opflex_server_container: ""
services:
etcd:
# etcd目录和文件 自定义uid/gid
uid: 52034
gid: 52034
# 如果使用外部etcd则填写以下内容
# path: /etcdcluster
# external_urls:
# - https://etcd-example.com:2379
# ca_cert: |-
# -----BEGIN CERTIFICATE-----
# xxxxxxxxxx
# -----END CERTIFICATE-----
# cert: |-
# -----BEGIN CERTIFICATE-----
# xxxxxxxxxx
# -----END CERTIFICATE-----
# key: |-
# -----BEGIN PRIVATE KEY-----
# xxxxxxxxxx
# -----END PRIVATE KEY-----
kube-api:
# 在Kubernetes上创建的IP范围必须与 kube-controller 中的 service_cluster_ip_range 匹配
service_cluster_ip_range: 10.43.0.0/16
# 为NodePort服务公开不同的端口范围
service_node_port_range: 30000-32767
pod_security_policy: false
image: ""
extra_args: {}
extra_binds: []
extra_env: []
win_extra_args: {}
win_extra_binds: []
win_extra_env: []
pod_security_policy: false
always_pull_images: false
secrets_encryption_config: null
audit_log: null
admission_configuration: null
event_rate_limit: null
kube-controller:
# CIDR池用于为集群中的pod分配IP地址
cluster_cidr: 10.42.0.0/16
# 在Kubernetes上创建的服务的IP范围必须与kube-api中的service_cluster_ip_range匹配
service_cluster_ip_range: 10.43.0.0/16
# 添加一些额外的参数
extra_args:
# 例如:设置日志输出的级别为调试级别
v: 4
kubelet:
# 集群域
cluster_domain: cluster.local
# DNS服务IP地址
cluster_dns_server: 10.43.0.10
# 如果交换处于开启状态,则失败
fail_swap_on: false
# 配置 pod-infra-container-image
pod-infra-container-image: "k8s.gcr.io/pause:3.2"
# 生成kubelet服务证书
generate_serving_certificate: true
# 添加一些额外的参数
extra_args:
# 设置pod最大250,而不是默认的110
max-pods: 250
# 存储卷绑定
extra_binds:
- /grlocaldata:/grlocaldata:rw,z
scheduler:
image: ""
extra_args: {}
extra_binds: []
extra_env: []
win_extra_args: {}
win_extra_binds: []
win_extra_env: []
kubeproxy:
image: ""
extra_args: {}
extra_binds: []
extra_env: []
win_extra_args: {}
win_extra_binds: []
win_extra_env: []
# x509认证策略
authentication:
strategy: x509
sans: []
webhook: null
# Kubernetes 授权模式
# 使用 `mode: rbac` 开启 RBAC
# 使用 `mode: none` 关闭 授权
authorization:
mode: rbac
# job 超时时间 30s
addon_job_timeout: 30
# 可选网络插件 (canal, calico, flannel, weave, or none)
network:
plugin: flannel
options: {}
mtu: 0
node_selector: {}
update_strategy: null
tolerations: []
# 可选DNS (coredns or kube-dns or null)
dns: null
# 指定监控供应商 (metrics-server)
monitoring:
provider: none
The above configuration basically does not need to be modified, and most users can meet their needs through visual configuration.
To modify, modify the configuration file as required, such as:
Modify the network plugin to calico, modify
network.plugin
tocalico
By default, the calico image will be pulled from dockerhub. If you need to customize the image address, please specify the image address in system_images
network:
plugin: calico
- After modifying the configuration, click Update Cluster and wait for the cluster update to complete.