自签名证书和7层负载均衡的cluster.yml 文件模板

RKE 使用 cluster.yml 文件安装和配置您的 Kubernetes 集群。

本模板旨在用于 RKE 插件安装,只支持到 Rancher v2.0.8。如果您要安装更新的 Rancher 版本,请使用 Rancher Helm chart。有关详细信息,请参阅Kubernetes 安装-安装大纲

如果您使用配置如下所示,您可以使用这个 cluster.yml 模板安装和配置集群。

详情请参考RKE 文档

  1. nodes:
  3.   - address: <IP> # hostname or IP to access nodes
  5.     user: <USER> # root user (usually 'root')
  7.     role: [controlplane, etcd, worker] # K8s roles for node
  9.     ssh_key_path: <PEM_FILE> # path to PEM file
  11.   - address: <IP>
  13.     user: <USER>
  15.     role: [controlplane, etcd, worker]
  17.     ssh_key_path: <PEM_FILE>
  19.   - address: <IP>
  21.     user: <USER>
  23.     role: [controlplane, etcd, worker]
  25.     ssh_key_path: <PEM_FILE>
  27. services:
  29.   etcd:
  31.     snapshot: true
  33.     creation: 6h
  35.     retention: 24h
  37. addons: |-
  39.   ---
  41.   kind: Namespace
  43.   apiVersion: v1
  45.   metadata:
  47.     name: cattle-system
  49.   ---
  51.   kind: ServiceAccount
  53.   apiVersion: v1
  55.   metadata:
  57.     name: cattle-admin
  59.     namespace: cattle-system
  61.   ---
  63.   kind: ClusterRoleBinding
  65.   apiVersion: rbac.authorization.k8s.io/v1
  67.   metadata:
  69.     name: cattle-crb
  71.     namespace: cattle-system
  73.   subjects:
  75.   - kind: ServiceAccount
  77.     name: cattle-admin
  79.     namespace: cattle-system
  81.   roleRef:
  83.     kind: ClusterRole
  85.     name: cluster-admin
  87.     apiGroup: rbac.authorization.k8s.io
  89.   ---
  91.   apiVersion: v1
  93.   kind: Secret
  95.   metadata:
  97.     name: cattle-keys-server
  99.     namespace: cattle-system
  101.   type: Opaque
  103.   data:
  105.     cacerts.pem: <BASE64_CA>  # CA cert used to sign cattle server cert and key
  107.   ---
  109.   apiVersion: v1
  111.   kind: Service
  113.   metadata:
  115.     namespace: cattle-system
  117.     name: cattle-service
  119.     labels:
  121.       app: cattle
  123.   spec:
  125.     ports:
  127.     - port: 80
  129.       targetPort: 80
  131.       protocol: TCP
  133.       name: http
  135.     selector:
  137.       app: cattle
  139.   ---
  141.   apiVersion: extensions/v1beta1
  143.   kind: Ingress
  145.   metadata:
  147.     namespace: cattle-system
  149.     name: cattle-ingress-http
  151.     annotations:
  153.       nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
  155.       nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"   # Max time in seconds for ws to remain shell window open
  157.       nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"   # Max time in seconds for ws to remain shell window open
  159.       nginx.ingress.kubernetes.io/ssl-redirect: "false"        # Disable redirect to ssl
  161.   spec:
  163.     rules:
  165.     - host: <FQDN>
  167.       http:
  169.         paths:
  171.         - backend:
  173.             serviceName: cattle-service
  175.             servicePort: 80
  177.   ---
  179.   kind: Deployment
  181.   apiVersion: extensions/v1beta1
  183.   metadata:
  185.     namespace: cattle-system
  187.     name: cattle
  189.   spec:
  191.     replicas: 1
  193.     template:
  195.       metadata:
  197.         labels:
  199.           app: cattle
  201.       spec:
  203.         serviceAccountName: cattle-admin
  205.         containers:
  207.         # Rancher install via RKE addons is only supported up to v2.0.8
  209.         - image: rancher/rancher:v2.0.8
  211.           imagePullPolicy: Always
  213.           name: cattle-server
  215.   #       env:
  217.   #       - name: HTTP_PROXY
  219.   #         value: "http://your_proxy_address:port"
  221.   #       - name: HTTPS_PROXY
  223.   #         value: "http://your_proxy_address:port"
  225.   #       - name: NO_PROXY
  227.   #         value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access"
  229.           livenessProbe:
  231.             httpGet:
  233.               path: /ping
  235.               port: 80
  237.             initialDelaySeconds: 60
  239.             periodSeconds: 60
  241.           readinessProbe:
  243.             httpGet:
  245.               path: /ping
  247.               port: 80
  249.             initialDelaySeconds: 20
  251.             periodSeconds: 10
  253.           ports:
  255.           - containerPort: 80
  257.             protocol: TCP
  259.           volumeMounts:
  261.           - mountPath: /etc/rancher/ssl
  263.             name: cattle-keys-volume
  265.             readOnly: true
  267.         volumes:
  269.         - name: cattle-keys-volume
  271.           secret:
  273.             defaultMode: 420
  275.             secretName: cattle-keys-server