Kubernetes 初始化集群配置

默认情况下的 RKE 集群参数配置都是默认生成的,用户只需填写 IP、端口和节点类型。但在一些高级场景中,用户需要自定义集群参数,比如修改网络插件、Kubelet 参数等,此时自定义 RKE 集群参数配置将对您有用。

默认参数按最佳实践自动生成,以降低用户门槛。在您未完全掌握 RKE 配置参数之前,请谨慎修改。

Kubernetes 初始化集群配置 - 图1

如上图所示,当进入 Kubernetes 集群配置页面时,点击红框处进行 Kubernetes 集群参数配置。

配置示例如下:

更多详情请参考 RKE 官方文档。

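  # RKE cluster.yml example. Values left as "" / {} / [] / null take RKE's
  # defaults; only the nodes section needs to be filled in for a basic cluster.
  nodes:
    - address: 192.168.3.169
      # Quoted so YAML keeps the port as a string.
      port: "22"
      internal_address: 192.168.3.169
      role:
        - etcd
        - controlplane
        - worker
      hostname_override: ""
      user: docker
      docker_socket: ""
      ssh_key: ""
      ssh_key_path: ~/.ssh/id_rsa
      ssh_cert: ""
      ssh_cert_path: ""
      # To set labels, replace {} with a mapping, e.g.:
      #   app: ingress
      labels: {}
      # To set taints, replace [] with a list, e.g.:
      #   - key: test-key
      #     value: test-value
      #     effect: NoSchedule
      taints: []
  # Check the Docker version; when false, installation fails if RKE does not
  # support the Docker version found on a node.
  ignore_docker_version: false
  # Cluster-level SSH key / certificate paths.
  ssh_key_path: ""
  ssh_cert_path: ""
  # Enable use of SSH agent to use SSH private keys with passphrase
  # This requires the environment `SSH_AUTH_SOCK` configured pointing
  # to your SSH agent which has the private key added
  ssh_agent_auth: false
  # Private image registries. The user/password are sample values only;
  # they are stored in plain text in cluster.yml, so keep real credentials
  # out of committed copies of this file.
  private_registries:
    - url: registry.com
      user: Username
      password: password
      is_default: true
  # Bastion / jump host configuration.
  bastion_host:
    address: x.x.x.x
    user: docker
    # Quoted for consistency with nodes[].port.
    port: "22"
    ssh_key_path: /home/user/.ssh/bastion_rsa
    # or
    # ssh_key: |-
    #   -----BEGIN RSA PRIVATE KEY-----
    #
    #   -----END RSA PRIVATE KEY-----
  # Kubernetes cluster name.
  cluster_name: mycluster
  # Kubernetes version ("" = RKE default).
  kubernetes_version: ""
  # System images ("" = RKE default image for that component).
  system_images:
    etcd: ""
    alpine: ""
    nginx_proxy: ""
    cert_downloader: ""
    kubernetes_services_sidecar: ""
    kubedns: ""
    dnsmasq: ""
    kubedns_sidecar: ""
    kubedns_autoscaler: ""
    coredns: ""
    coredns_autoscaler: ""
    nodelocal: ""
    kubernetes: ""
    flannel: ""
    flannel_cni: ""
    calico_node: ""
    calico_cni: ""
    calico_controllers: ""
    calico_ctl: ""
    calico_flexvol: ""
    canal_node: ""
    canal_cni: ""
    canal_controllers: ""
    canal_flannel: ""
    canal_flexvol: ""
    weave_node: ""
    weave_cni: ""
    pod_infra_container: ""
    ingress: ""
    ingress_backend: ""
    metrics_server: ""
    windows_pod_infra_container: ""
    aci_cni_deploy_container: ""
    aci_host_container: ""
    aci_opflex_container: ""
    aci_mcast_container: ""
    aci_ovs_container: ""
    aci_controller_container: ""
    aci_gbp_server_container: ""
    aci_opflex_server_container: ""
  services:
    etcd:
      # Custom uid/gid for etcd directories and files.
      uid: 52034
      gid: 52034
      # Fill in the following when using an external etcd.
      # path: /etcdcluster
      # external_urls:
      #   - https://etcd-example.com:2379
      # ca_cert: |-
      #   -----BEGIN CERTIFICATE-----
      #   xxxxxxxxxx
      #   -----END CERTIFICATE-----
      # cert: |-
      #   -----BEGIN CERTIFICATE-----
      #   xxxxxxxxxx
      #   -----END CERTIFICATE-----
      # key: |-
      #   -----BEGIN PRIVATE KEY-----
      #   xxxxxxxxxx
      #   -----END PRIVATE KEY-----
    kube-api:
      # IP range for services created in Kubernetes; must match
      # service_cluster_ip_range in kube-controller.
      service_cluster_ip_range: 10.43.0.0/16
      # Port range exposed for NodePort services.
      service_node_port_range: 30000-32767
      # Listed once: the original example repeated this key, and most YAML
      # parsers silently keep only the last occurrence of a duplicate key.
      pod_security_policy: false
      image: ""
      extra_args: {}
      extra_binds: []
      extra_env: []
      win_extra_args: {}
      win_extra_binds: []
      win_extra_env: []
      # Hardening-related settings left at their defaults in this example.
      always_pull_images: false
      secrets_encryption_config: null
      audit_log: null
      admission_configuration: null
      event_rate_limit: null
    kube-controller:
      # CIDR pool used to assign IP addresses to pods in the cluster.
      cluster_cidr: 10.42.0.0/16
      # IP range for services; must match service_cluster_ip_range in kube-api.
      service_cluster_ip_range: 10.43.0.0/16
      # Additional command-line arguments; values quoted so YAML keeps them
      # as strings rather than integers.
      extra_args:
        # Example: set log verbosity to debug level.
        v: "4"
    kubelet:
      # Cluster domain.
      cluster_domain: cluster.local
      # DNS service IP address.
      cluster_dns_server: 10.43.0.10
      # Fail if swap is enabled on the node.
      fail_swap_on: false
      # Configure pod-infra-container-image.
      pod-infra-container-image: "k8s.gcr.io/pause:3.2"
      # Generate the kubelet serving certificate.
      generate_serving_certificate: true
      # Additional command-line arguments (quoted as strings, see above).
      extra_args:
        # Allow up to 250 pods instead of the default 110.
        max-pods: "250"
      # Volume bind mounts.
      extra_binds:
        - /grlocaldata:/grlocaldata:rw,z
    scheduler:
      image: ""
      extra_args: {}
      extra_binds: []
      extra_env: []
      win_extra_args: {}
      win_extra_binds: []
      win_extra_env: []
    kubeproxy:
      image: ""
      extra_args: {}
      extra_binds: []
      extra_env: []
      win_extra_args: {}
      win_extra_binds: []
      win_extra_env: []
  # x509 authentication strategy.
  authentication:
    strategy: x509
    sans: []
    webhook: null
  # Kubernetes authorization mode.
  # `mode: rbac` enables RBAC (keep this unless you have a specific reason not to).
  # `mode: none` disables authorization entirely.
  authorization:
    mode: rbac
  # Addon job timeout in seconds (30s).
  addon_job_timeout: 30
  # Network plugin options: canal, calico, flannel, weave, or none.
  network:
    plugin: flannel
    options: {}
    mtu: 0
    node_selector: {}
    update_strategy: null
    tolerations: []
  # DNS provider: coredns, kube-dns, or null.
  dns: null
  # Monitoring provider (metrics-server); none disables it.
  monitoring:
    provider: none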

以上配置基本上无需修改,大部分用户通过可视化配置即可满足需求。

如需修改,请按需调整配置文件,例如:

  • 修改网络插件为 calico:将 network.plugin 的值改为 calico。

    默认会从 Docker Hub 拉取 calico 镜像,如需自定义镜像地址,请在 system_images 中指定镜像地址。

  # Switch the network plugin to calico.
  network:
    plugin: calico
  • 修改配置后,点击更新集群,等待集群更新完成即可。