RKE uses a cluster.yml file to install and configure your Kubernetes cluster.

    This template is intended to be used for RKE add-on installs, which are only supported up to Rancher v2.0.8. Please use the Rancher Helm chart if you are installing a newer Rancher version.

    The following template can be used for the cluster.yml if you have a setup with:

    For more options, refer to RKE Documentation: Config Options.

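    # cluster.yml template for an RKE add-on install of Rancher v2.0.8.
    # Nesting is restored so the file parses; listing line numbers are dropped.
    #
    # Handle this file as a secret once filled in: it carries the base64-encoded
    # TLS private key (addons -> Secret cattle-keys-ingress) and points at the
    # SSH private key used to reach every node. Restrict its file permissions
    # and keep it out of version control.
    nodes:
      - address: <IP> # hostname or IP to access nodes
        user: <USER> # SSH user RKE logs in as (usually 'root')
        role: [controlplane, etcd, worker] # K8s roles for node
        ssh_key_path: <PEM_FILE> # path to PEM file (SSH private key)
      - address: <IP>
        user: <USER>
        role: [controlplane, etcd, worker]
        ssh_key_path: <PEM_FILE>
      - address: <IP>
        user: <USER>
        role: [controlplane, etcd, worker]
        ssh_key_path: <PEM_FILE>

    services:
      etcd:
        # Recurring etcd snapshots: one every 6h, each kept for 24h.
        snapshot: true
        creation: 6h
        retention: 24h

    # Everything below `addons: |-` is one literal string holding several
    # Kubernetes manifests separated by `---`.
    addons: |-
      ---
      kind: Namespace
      apiVersion: v1
      metadata:
        name: cattle-system
      ---
      kind: ServiceAccount
      apiVersion: v1
      metadata:
        name: cattle-admin
        namespace: cattle-system
      ---
      # Binds the cattle-admin ServiceAccount to the built-in cluster-admin
      # ClusterRole: the Rancher pod's token has full control of this cluster.
      # Limit who can create pods or read secrets in cattle-system accordingly.
      kind: ClusterRoleBinding
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: cattle-crb
        namespace: cattle-system
      subjects:
        - kind: ServiceAccount
          name: cattle-admin
          namespace: cattle-system
      roleRef:
        kind: ClusterRole
        name: cluster-admin
        apiGroup: rbac.authorization.k8s.io
      ---
      # TLS certificate and key used by the ingress below. Values under `data`
      # must be base64-encoded; base64 is an encoding, not encryption, so the
      # private key is readable by anyone who can read this file or the Secret.
      apiVersion: v1
      kind: Secret
      metadata:
        name: cattle-keys-ingress
        namespace: cattle-system
      type: Opaque
      data:
        # ssl cert for ingress. If self-signed, must be signed by same CA as
        # cattle server
        tls.crt: <BASE64_CRT>
        # ssl key for ingress. If self-signed, must be signed by same CA as
        # cattle server
        tls.key: <BASE64_KEY>
      ---
      apiVersion: v1
      kind: Service
      metadata:
        namespace: cattle-system
        name: cattle-service
        labels:
          app: cattle
      spec:
        ports:
          - port: 80
            targetPort: 80
            protocol: TCP
            name: http
          - port: 443
            targetPort: 443
            protocol: TCP
            name: https
        selector:
          app: cattle
      ---
      # TLS for <FQDN> is terminated at the ingress using cattle-keys-ingress;
      # the rule then forwards to cattle-service on port 80, so the hop from
      # the ingress controller to the Rancher pod is plain HTTP.
      apiVersion: extensions/v1beta1
      kind: Ingress
      metadata:
        namespace: cattle-system
        name: cattle-ingress-http
        annotations:
          nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
          # Max time in seconds for a WebSocket (shell window) to remain open
          nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
          nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
      spec:
        rules:
          - host: <FQDN> # FQDN to access cattle server
            http:
              paths:
                - backend:
                    serviceName: cattle-service
                    servicePort: 80
        tls:
          - secretName: cattle-keys-ingress
            hosts:
              - <FQDN> # FQDN to access cattle server
      ---
      kind: Deployment
      apiVersion: extensions/v1beta1
      metadata:
        namespace: cattle-system
        name: cattle
      spec:
        replicas: 1
        template:
          metadata:
            labels:
              app: cattle
          spec:
            # Runs with the cluster-admin-bound ServiceAccount defined above.
            serviceAccountName: cattle-admin
            containers:
              # Rancher install via RKE addons is only supported up to v2.0.8
              # The image is referenced by tag and imagePullPolicy is Always,
              # so every pod start re-resolves the tag. To pin the content,
              # reference it by digest: rancher/rancher@sha256:<IMAGE_DIGEST>
              - image: rancher/rancher:v2.0.8
                args:
                  # NOTE(review): --no-cacerts presumably stops Rancher from
                  # publishing its own CA bundle, which fits a certificate
                  # from a recognized CA - confirm before using it with a
                  # self-signed certificate.
                  - --no-cacerts
                imagePullPolicy: Always
                name: cattle-server
                # env:
                #   - name: HTTP_PROXY
                #     value: "http://your_proxy_address:port"
                #   - name: HTTPS_PROXY
                #     value: "http://your_proxy_address:port"
                #   - name: NO_PROXY
                #     value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access"
                livenessProbe:
                  httpGet:
                    path: /ping
                    port: 80
                  initialDelaySeconds: 60
                  periodSeconds: 60
                readinessProbe:
                  httpGet:
                    path: /ping
                    port: 80
                  initialDelaySeconds: 20
                  periodSeconds: 10
                ports:
                  - containerPort: 80
                    protocol: TCP
                  - containerPort: 443
                    protocol: TCP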
    134. port: 80
    135. initialDelaySeconds: 20
    136. periodSeconds: 10
    137. ports:
    138. - containerPort: 80
    139. protocol: TCP
    140. - containerPort: 443
    141. protocol: TCP