默认情况下的 RKE 集群参数配置都是默认生成的,用户只需填写 IP 端口 节点类型。但在一些高级场景中,用户需要自定义集群参数,比如修改 网络插件 Kubelet参数 等等,自定义RKE 集群参数配置将对您有用。

    为了以最佳实践的参数自动化配置,减小用户门槛。在您未完全掌握 RKE 配置参数配置之前,请谨慎配置。

    RKE集群配置 - 图1

    如上图所示,当进入 Kubernetes 集群配置页面时,点击红框处进行 Kubernetes 集群参数配置。

    配置示例如下:

    更多详情请参考RKE官方文档

    1. nodes:
    2. - address: 192.168.3.169
    3.   port: "22"
    4.   internal_address: 192.168.3.169
    5.   role:
    6.   - etcd
    7.   - controlplane
    8.   - worker
    9.   hostname_override: ""
    10.   user: docker
    11.   docker_socket: ""
    12.   ssh_key: ""
    13.   ssh_key_path: ~/.ssh/id_rsa
    14.   ssh_cert: ""
    15.   ssh_cert_path: ""
    16.   labels: {}
    17.    # app: ingress
    18.   taints: []
    19.    # - key: test-key
    20.    #   value: test-value
    21.    #   effect: NoSchedule
    24. # 检测docker版本,为false时如果docker版本RKE不支持则安装失败
    25. ignore_docker_version: false
    26. # 集群级密钥证书路径
    27. ssh_key_path: ""
    28. ssh_cert_path: ""
    29. # Enable use of SSH agent to use SSH private keys with passphrase
    30. # This requires the environment `SSH_AUTH_SOCK` configured pointing
    31. # to your SSH agent which has the private key added
    32. ssh_agent_auth: false
    33. # 私有镜像仓库
    34. private_registries:
    35. - url: registry.com
    36.   user: Username
    37.   password: password
    38.   is_default: true
    39. # 堡垒机/跳板机 配置
    40. bastion_host:
    41.   address: x.x.x.x
    42.   user: docker
    43.   port: 22
    44.   ssh_key_path: /home/user/.ssh/bastion_rsa
    45. # or
    46. #   ssh_key: |-
    47. #     -----BEGIN RSA PRIVATE KEY-----
    48. #
    49. #     -----END RSA PRIVATE KEY-----
    51. # 设置 Kubernetes 集群名称
    52. cluster_name: mycluster
    54. # Kubernetes 版本
    55. kubernetes_version: ""
    57. # 系统镜像
    58. system_images:
    59.   etcd: ""
    60.   alpine: ""
    61.   nginx_proxy: ""
    62.   cert_downloader: ""
    63.   kubernetes_services_sidecar: ""
    64.   kubedns: ""
    65.   dnsmasq: ""
    66.   kubedns_sidecar: ""
    67.   kubedns_autoscaler: ""
    68.   coredns: ""
    69.   coredns_autoscaler: ""
    70.   nodelocal: ""
    71.   kubernetes: ""
    72.   flannel: ""
    73.   flannel_cni: ""
    74.   calico_node: ""
    75.   calico_cni: ""
    76.   calico_controllers: ""
    77.   calico_ctl: ""
    78.   calico_flexvol: ""
    79.   canal_node: ""
    80.   canal_cni: ""
    81.   canal_controllers: ""
    82.   canal_flannel: ""
    83.   canal_flexvol: ""
    84.   weave_node: ""
    85.   weave_cni: ""
    86.   pod_infra_container: ""
    87.   ingress: ""
    88.   ingress_backend: ""
    89.   metrics_server: ""
    90.   windows_pod_infra_container: ""
    91.   aci_cni_deploy_container: ""
    92.   aci_host_container: ""
    93.   aci_opflex_container: ""
    94.   aci_mcast_container: ""
    95.   aci_ovs_container: ""
    96.   aci_controller_container: ""
    97.   aci_gbp_server_container: ""
    98.   aci_opflex_server_container: ""
    99. services:
    100.   etcd:
    101.     # etcd目录和文件 自定义uid/gid
    102.     uid: 52034
    103.     gid: 52034
    104.     # 如果使用外部etcd则填写以下内容
    105.     # path: /etcdcluster
    106.     # external_urls:
    107.     #   - https://etcd-example.com:2379
    108.     # ca_cert: |-
    109.     #   -----BEGIN CERTIFICATE-----
    110.     #   xxxxxxxxxx
    111.     #   -----END CERTIFICATE-----
    112.     # cert: |-
    113.     #   -----BEGIN CERTIFICATE-----
    114.     #   xxxxxxxxxx
    115.     #   -----END CERTIFICATE-----
    116.     # key: |-
    117.     #   -----BEGIN PRIVATE KEY-----
    118.     #   xxxxxxxxxx
    119.     #   -----END PRIVATE KEY-----
    121.   kube-api:
    122.     # 在Kubernetes上创建的IP范围必须与 kube-controller 中的 service_cluster_ip_range 匹配
    123.     service_cluster_ip_range: 10.43.0.0/16
    124.     # 为NodePort服务公开不同的端口范围
    125.     service_node_port_range: 30000-32767
    126.     pod_security_policy: false
    127.     image: ""
    128.     extra_args: {}
    129.     extra_binds: []
    130.     extra_env: []
    131.     win_extra_args: {}
    132.     win_extra_binds: []
    133.     win_extra_env: []
    134.     pod_security_policy: false
    135.     always_pull_images: false
    136.     secrets_encryption_config: null
    137.     audit_log: null
    138.     admission_configuration: null
    139.     event_rate_limit: null
    140.   kube-controller:
    141.     # CIDR池用于为集群中的pod分配IP地址
    142.     cluster_cidr: 10.42.0.0/16
    143.     # 在Kubernetes上创建的服务的IP范围必须与kube-api中的service_cluster_ip_range匹配
    144.     service_cluster_ip_range: 10.43.0.0/16
    145.     # 添加一些额外的参数
    146.     extra_args:
    147.     # 例如:设置日志输出的级别为调试级别
    148.     v: 4
    149.   kubelet:
    150.     # 集群域
    151.     cluster_domain: cluster.local
    152.     # DNS服务IP地址
    153.     cluster_dns_server: 10.43.0.10
    154.     # 如果交换处于开启状态,则失败
    155.     fail_swap_on: false
    156.     # 配置 pod-infra-container-image
    157.     pod-infra-container-image: "k8s.gcr.io/pause:3.2"
    158.          # 生成kubelet服务证书
    159.     generate_serving_certificate: true
    160.     # 添加一些额外的参数
    161.     extra_args:
    162.       # 设置pod最大250,而不是默认的110
    163.       max-pods: 250
    164.     # 存储卷绑定
    165.     extra_binds:
    166.     - /grlocaldata:/grlocaldata:rw,z
    167.   scheduler:
    168.     image: ""
    169.     extra_args: {}
    170.     extra_binds: []
    171.     extra_env: []
    172.     win_extra_args: {}
    173.     win_extra_binds: []
    174.     win_extra_env: []
    175.   kubeproxy:
    176.     image: ""
    177.     extra_args: {}
    178.     extra_binds: []
    179.     extra_env: []
    180.     win_extra_args: {}
    181.     win_extra_binds: []
    182.     win_extra_env: []
    183. # x509认证策略
    184. authentication:
    185.   strategy: x509
    186.   sans: []
    187.   webhook: null
    188. # Kubernetes 授权模式
    189. # 使用 `mode: rbac` 开启 RBAC
    190. # 使用 `mode: none` 关闭 授权
    191. authorization:
    192.   mode: rbac
    194. # job 超时时间 30s
    195. addon_job_timeout: 30
    197. # 可选网络插件 (canal, calico, flannel, weave, or none)
    198. network:
    199.   plugin: flannel
    200.   options: {}
    201.   mtu: 0
    202.   node_selector: {}
    203.   update_strategy: null
    204.   tolerations: []
    206. # 可选DNS (coredns or kube-dns or null)
    207. dns: null
    208. # 指定监控供应商 (metrics-server)
    209. monitoring:
    210.   provider: none

    以上配置基本上无需修改,大部分用户通过可视化配置即可满足需求。

    如需修改,按照所需修改配置文件,例如:

    • 修改网络插件为 calico,修改 network.plugincalico

    默认会从dockerhub拉取 calico镜像,如需自定义镜像地址请在 system_images 指定镜像地址

    1. network:
    2.   plugin: calico
    • 修改配置后,点击更新集群,等待集群更新完成即可。