您可通过编辑 RKE 的集群配置文件cluster.yml,完成多种配置选项。以下是最小文件示例和完整文件示例。

**说明:**如果您使用的是 Rancher v2.0.5 或 v2.0.6,使用集群配置文件,配置集群选项时,服务名称不能含有除了英文字母和下划线外的其他字符。

最小文件示例

  1. nodes:
  2.   - address: 1.2.3.4
  3.     user: ubuntu
  4.     role:
  5.       - controlplane
  6.       - etcd
  7.       - worker

完整文件示例

  1. nodes:
  2.   - address: 1.1.1.1
  3.     user: ubuntu
  4.     role:
  5.       - controlplane
  6.       - etcd
  7.     ssh_key_path: /home/user/.ssh/id_rsa
  8.     port: 2222
  9.   - address: 2.2.2.2
  10.     user: ubuntu
  11.     role:
  12.       - worker
  13.     ssh_key: |-
  14.       -----BEGIN RSA PRIVATE KEY-----
  16.       -----END RSA PRIVATE KEY-----
  17.   - address: example.com
  18.     user: ubuntu
  19.     role:
  20.       - worker
  21.     hostname_override: node3
  22.     internal_address: 192.168.1.6
  23.     labels:
  24.       app: ingress
  26. # 默认值为false,如果设置为true,当发现不支持的Docker版本时,RKE不会报错
  27. ignore_docker_version: false
  29. # 集群级SSH私钥,如果没有为节点设置ssh信息则使用该私钥
  30. ssh_key_path: ~/.ssh/test
  32. # 启用SSH代理,使用带有密码的SSH私钥
  33. # 这需要配置环境`SSH_AUTH_SOCK`,指向已添加私钥的SSH代理
  34. ssh_agent_auth: true
  36. # 镜像仓库凭证列表
  37. # 如果你使用的是Docker Hub注册表,
  38. # 你可以省略`url`
  39. # 或者设置为`docker.io`is_default设置为`true`
  40. # 将覆盖全局设置中设置的系统默认注册表
  41. private_registries:
  42.   - url: registry.com
  43.     user: Username # 请替换为真实的用户名
  44.     password: password # 请替换为真实的密码
  45.     is_default: true
  47. # 堡垒机配置
  48. bastion_host:
  49.   address: x.x.x.x
  50.   user: ubuntu
  51.   port: 22
  52.   ssh_key_path: /home/user/.ssh/bastion_rsa
  53. # or
  54. #   ssh_key: |-
  55. #     -----BEGIN RSA PRIVATE KEY-----
  56. #
  57. #     -----END RSA PRIVATE KEY-----
  59. # Set the name of the Kubernetes cluster
  60. cluster_name: mycluster
  62. # The Kubernetes version used. The default versions of Kubernetes
  63. # are tied to specific versions of the system images.
  64. #
  65. # For RKE v0.2.x and below, the map of Kubernetes versions and their system images is
  66. # located here:
  67. # https://github.com/rancher/types/blob/release/v2.2/apis/management.cattle.io/v3/k8s_defaults.go
  68. #
  69. # For RKE v0.3.0 and above, the map of Kubernetes versions and their system images is
  70. # located here:
  71. # https://github.com/rancher/kontainer-driver-metadata/blob/master/rke/k8s_rke_system_images.go
  72. #
  73. # In case the kubernetes_version and kubernetes image in
  74. # system_images are defined, the system_images configuration
  75. # will take precedence over kubernetes_version.
  76. kubernetes_version: v1.10.3-rancher2
  78. # System Images are defaulted to a tag that is mapped to a specific
  79. # Kubernetes Version and not required in a cluster.yml.
  80. # Each individual system image can be specified if you want to use a different tag.
  81. #
  82. # For RKE v0.2.x and below, the map of Kubernetes versions and their system images is
  83. # located here:
  84. # https://github.com/rancher/types/blob/release/v2.2/apis/management.cattle.io/v3/k8s_defaults.go
  85. #
  86. # For RKE v0.3.0 and above, the map of Kubernetes versions and their system images is
  87. # located here:
  88. # https://github.com/rancher/kontainer-driver-metadata/blob/master/rke/k8s_rke_system_images.go
  89. #
  90. system_images:
  91.   kubernetes: rancher/hyperkube:v1.10.3-rancher2
  92.   etcd: rancher/coreos-etcd:v3.1.12
  93.   alpine: rancher/rke-tools:v0.1.9
  94.   nginx_proxy: rancher/rke-tools:v0.1.9
  95.   cert_downloader: rancher/rke-tools:v0.1.9
  96.   kubernetes_services_sidecar: rancher/rke-tools:v0.1.9
  97.   kubedns: rancher/k8s-dns-kube-dns-amd64:1.14.8
  98.   dnsmasq: rancher/k8s-dns-dnsmasq-nanny-amd64:1.14.8
  99.   kubedns_sidecar: rancher/k8s-dns-sidecar-amd64:1.14.8
  100.   kubedns_autoscaler: rancher/cluster-proportional-autoscaler-amd64:1.0.0
  101.   pod_infra_container: rancher/pause-amd64:3.1
  103. services:
  104.   etcd:
  105.   # if external etcd is used
  106.   # path: /etcdcluster
  107.   # external_urls:
  108.   #   - https://etcd-example.com:2379
  109.   # ca_cert: |-
  110.   #   -----BEGIN CERTIFICATE-----
  111.   #   xxxxxxxxxx
  112.   #   -----END CERTIFICATE-----
  113.   # cert: |-
  114.   #   -----BEGIN CERTIFICATE-----
  115.   #   xxxxxxxxxx
  116.   #   -----END CERTIFICATE-----
  117.   # key: |-
  118.   #   -----BEGIN PRIVATE KEY-----
  119.   #   xxxxxxxxxx
  120.   #   -----END PRIVATE KEY-----
  121.   # Note for Rancher v2.0.5 and v2.0.6 users: If you are configuring
  122.   # Cluster Options using a Config File when creating Rancher Launched
  123.   # Kubernetes, the names of services should contain underscores
  124.   # only: `kube_api`.
  125.   kube-api:
  126.     # IP range for any services created on Kubernetes
  127.     # This must match the service_cluster_ip_range in kube-controller
  128.     service_cluster_ip_range: 10.43.0.0/16
  129.     # Expose a different port range for NodePort services
  130.     service_node_port_range: 30000-32767
  131.     pod_security_policy: false
  132.     # Add additional arguments to the kubernetes API server
  133.     # This WILL OVERRIDE any existing defaults
  134.     extra_args:
  135.       # Enable audit log to stdout
  136.       audit-log-path: "-"
  137.       # Increase number of delete workers
  138.       delete-collection-workers: 3
  139.       # Set the level of log output to debug-level
  140.       v: 4
  141.   # Note for Rancher 2 users: If you are configuring Cluster Options
  142.   # using a Config File when creating Rancher Launched Kubernetes,
  143.   # the names of services should contain underscores only:
  144.   # `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6.
  145.   kube-controller:
  146.     # CIDR pool used to assign IP addresses to pods in the cluster
  147.     cluster_cidr: 10.42.0.0/16
  148.     # IP range for any services created on Kubernetes
  149.     # This must match the service_cluster_ip_range in kube-api
  150.     service_cluster_ip_range: 10.43.0.0/16
  151.   kubelet:
  152.     # Base domain for the cluster
  153.     cluster_domain: cluster.local
  154.     # IP address for the DNS service endpoint
  155.     cluster_dns_server: 10.43.0.10
  156.     # Fail if swap is on
  157.     fail_swap_on: false
  158.     # Set max pods to 250 instead of default 110
  159.     extra_args:
  160.       max-pods: 250
  161.     # Optionally define additional volume binds to a service
  162.     extra_binds:
  163.       - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"
  165. # Currently, only authentication strategy supported is x509.
  166. # You can optionally create additional SANs (hostnames or IPs) to
  167. # add to the API server PKI certificate.
  168. # This is useful if you want to use a load balancer for the
  169. # control plane servers.
  170. authentication:
  171.   strategy: x509
  172.   sans:
  173.     - "10.18.160.10"
  174.     - "my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com"
  176. # Kubernetes Authorization mode
  177. # Use `mode: rbac` to enable RBAC
  178. # Use `mode: none` to disable authorization
  179. authorization:
  180.   mode: rbac
  182. # If you want to set a Kubernetes cloud provider, you specify
  183. # the name and configuration
  184. cloud_provider:
  185.   name: aws
  187. # Add-ons are deployed using kubernetes jobs. RKE will give
  188. # up on trying to get the job status after this timeout in seconds..
  189. addon_job_timeout: 30
  191. # Specify network plugin-in (canal, calico, flannel, weave, or none)
  192. network:
  193.   plugin: canal
  195. # Specify DNS provider (coredns or kube-dns)
  196. dns:
  197.   provider: coredns
  199. # Currently only nginx ingress provider is supported.
  200. # To disable ingress controller, set `provider: none`
  201. # `node_selector` controls ingress placement and is optional
  202. ingress:
  203.   provider: nginx
  204.   node_selector:
  205.     app: ingress
  207. # All add-on manifests MUST specify a namespace
  208. addons: |-
  209.   ---
  210.   apiVersion: v1
  211.   kind: Pod
  212.   metadata:
  213.     name: my-nginx
  214.     namespace: default
  215.   spec:
  216.     containers:
  217.     - name: my-nginx
  218.       image: nginx
  219.       ports:
  220.       - containerPort: 80
  222. addons_include:
  223.   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
  224.   - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
  225.   - /path/to/manifest