我的书签
添加书签
移除书签RKE 使用 cluster.yml 文件安装和配置您的 Kubernetes 集群。
如果您使用配置如下所示,您可以使用这个 cluster.yml 模板安装和配置集群。
- 自签名 SSL 证书
- 4 层负载均衡
- NGINX Ingress controller
详情请参考RKE 文档
nodes:- address: <IP> # hostname or IP to access nodesuser: <USER> # root user (usually 'root')role: [controlplane, etcd, worker] # K8s roles for nodessh_key_path: <PEM_FILE> # path to PEM file- address: <IP>user: <USER>role: [controlplane, etcd, worker]ssh_key_path: <PEM_FILE>- address: <IP>user: <USER>role: [controlplane, etcd, worker]ssh_key_path: <PEM_FILE>services:etcd:snapshot: truecreation: 6hretention: 24haddons: |----kind: NamespaceapiVersion: v1metadata:name: cattle-system---kind: ServiceAccountapiVersion: v1metadata:name: cattle-adminnamespace: cattle-system---kind: ClusterRoleBindingapiVersion: rbac.authorization.k8s.io/v1metadata:name: cattle-crbnamespace: cattle-systemsubjects:- kind: ServiceAccountname: cattle-adminnamespace: cattle-systemroleRef:kind: ClusterRolename: cluster-adminapiGroup: rbac.authorization.k8s.io---apiVersion: v1kind: Secretmetadata:name: cattle-keys-ingressnamespace: cattle-systemtype: Opaquedata:tls.crt: <BASE64_CRT> # ssl cert for ingress. If selfsigned, must be signed by same CA as cattle servertls.key: <BASE64_KEY> # ssl key for ingress. If selfsigned, must be signed by same CA as cattle server---apiVersion: v1kind: Secretmetadata:name: cattle-keys-servernamespace: cattle-systemtype: Opaquedata:cacerts.pem: <BASE64_CA> # CA cert used to sign cattle server cert and key---apiVersion: v1kind: Servicemetadata:namespace: cattle-systemname: cattle-servicelabels:app: cattlespec:ports:- port: 80targetPort: 80protocol: TCPname: http- port: 443targetPort: 443protocol: TCPname: httpsselector:app: cattle---apiVersion: extensions/v1beta1kind: Ingressmetadata:namespace: cattle-systemname: cattle-ingress-httpannotations:nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" # Max time in seconds for ws to remain shell window opennginx.ingress.kubernetes.io/proxy-send-timeout: "1800" # Max time in seconds for ws to remain shell window openspec:rules:- host: <FQDN> # FQDN to access cattle serverhttp:paths:- backend:serviceName: cattle-serviceservicePort: 80tls:- secretName: cattle-keys-ingresshosts:- <FQDN> # FQDN to access cattle server---kind: DeploymentapiVersion: extensions/v1beta1metadata:namespace: cattle-systemname: cattlespec:replicas: 1template:metadata:labels:app: cattlespec:serviceAccountName: cattle-admincontainers:# Rancher install via RKE addons is only supported up to v2.0.8- image: rancher/rancher:v2.0.8imagePullPolicy: Alwaysname: cattle-server# env:# - name: HTTP_PROXY# value: "http://your_proxy_address:port"# - name: HTTPS_PROXY# value: "http://your_proxy_address:port"# - name: NO_PROXY# value: "localhost,127.0.0.1,0.0.0.0,10.43.0.0/16,your_network_ranges_that_dont_need_proxy_to_access"livenessProbe:httpGet:path: /pingport: 80initialDelaySeconds: 60periodSeconds: 60readinessProbe:httpGet:path: /pingport: 80initialDelaySeconds: 20periodSeconds: 10ports:- containerPort: 80protocol: TCP- containerPort: 443protocol: TCPvolumeMounts:- mountPath: /etc/rancher/sslname: cattle-keys-volumereadOnly: truevolumes:- name: cattle-keys-volumesecret:defaultMode: 420secretName: cattle-keys-server
