Rainbond文档中心
RKE集群配置 编辑此页面

默认情况下的 RKE 集群参数配置都是默认生成的,用户只需填写 IP 端口 节点类型。但在一些高级场景中,用户需要自定义集群参数,比如修改 网络插件 Kubelet参数 等等,自定义RKE 集群参数配置将对您有用。

为了以最佳实践的参数自动化配置,减小用户门槛。在您未完全掌握 RKE 配置参数配置之前,请谨慎配置。

如上图所示,当进入 Kubernetes 集群配置页面时,点击红框处进行 Kubernetes 集群参数配置。

配置示例如下:

更多详情请参考RKE官方文档

nodes:
- address: 192.168.3.169
  port: "22"
  internal_address: 192.168.3.169
  role:
  - etcd
  - controlplane
  - worker
  hostname_override: ""
  user: docker
  docker_socket: ""
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
   # app: ingress
  taints: []
   # - key: test-key
   #   value: test-value
   #   effect: NoSchedule
   

# 检测docker版本,为false时如果docker版本RKE不支持则安装失败
ignore_docker_version: false
# 集群级密钥证书路径
ssh_key_path: ""
ssh_cert_path: ""
# Enable use of SSH agent to use SSH private keys with passphrase
# This requires the environment `SSH_AUTH_SOCK` configured pointing
# to your SSH agent which has the private key added
ssh_agent_auth: false
# 私有镜像仓库
private_registries:
- url: registry.com
  user: Username
  password: password
  is_default: true
# 堡垒机/跳板机 配置
bastion_host:
  address: x.x.x.x
  user: docker
  port: 22
  ssh_key_path: /home/user/.ssh/bastion_rsa
# or
#   ssh_key: |-
#     -----BEGIN RSA PRIVATE KEY-----
#
#     -----END RSA PRIVATE KEY-----

# 设置 Kubernetes 集群名称
cluster_name: mycluster

# Kubernetes 版本
kubernetes_version: ""

# 系统镜像
system_images:
  etcd: ""
  alpine: ""
  nginx_proxy: ""
  cert_downloader: ""
  kubernetes_services_sidecar: ""
  kubedns: ""
  dnsmasq: ""
  kubedns_sidecar: ""
  kubedns_autoscaler: ""
  coredns: ""
  coredns_autoscaler: ""
  nodelocal: ""
  kubernetes: ""
  flannel: ""
  flannel_cni: ""
  calico_node: ""
  calico_cni: ""
  calico_controllers: ""
  calico_ctl: ""
  calico_flexvol: ""
  canal_node: ""
  canal_cni: ""
  canal_controllers: ""
  canal_flannel: ""
  canal_flexvol: ""
  weave_node: ""
  weave_cni: ""
  pod_infra_container: ""
  ingress: ""
  ingress_backend: ""
  metrics_server: ""
  windows_pod_infra_container: ""
  aci_cni_deploy_container: ""
  aci_host_container: ""
  aci_opflex_container: ""
  aci_mcast_container: ""
  aci_ovs_container: ""
  aci_controller_container: ""
  aci_gbp_server_container: ""
  aci_opflex_server_container: ""
services:
  etcd:
    # etcd目录和文件 自定义uid/gid
    uid: 52034
    gid: 52034
    # 如果使用外部etcd则填写以下内容
    # path: /etcdcluster
    # external_urls:
    #   - https://etcd-example.com:2379
    # ca_cert: |-
    #   -----BEGIN CERTIFICATE-----
    #   xxxxxxxxxx
    #   -----END CERTIFICATE-----
    # cert: |-
    #   -----BEGIN CERTIFICATE-----
    #   xxxxxxxxxx
    #   -----END CERTIFICATE-----
    # key: |-
    #   -----BEGIN PRIVATE KEY-----
    #   xxxxxxxxxx
    #   -----END PRIVATE KEY-----
    
  kube-api:
    # 在Kubernetes上创建的IP范围必须与 kube-controller 中的 service_cluster_ip_range 匹配
    service_cluster_ip_range: 10.43.0.0/16
    # 为NodePort服务公开不同的端口范围
    service_node_port_range: 30000-32767
    pod_security_policy: false
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
    pod_security_policy: false
    always_pull_images: false
    secrets_encryption_config: null
    audit_log: null
    admission_configuration: null
    event_rate_limit: null
  kube-controller:
    # CIDR池用于为集群中的pod分配IP地址
    cluster_cidr: 10.42.0.0/16
    # 在Kubernetes上创建的服务的IP范围必须与kube-api中的service_cluster_ip_range匹配
    service_cluster_ip_range: 10.43.0.0/16
    # 添加一些额外的参数
    extra_args:
    # 例如:设置日志输出的级别为调试级别
    v: 4
  kubelet:
    # 集群域
    cluster_domain: cluster.local
    # DNS服务IP地址
    cluster_dns_server: 10.43.0.10
    # 如果交换处于开启状态,则失败
    fail_swap_on: false
    # 配置 pod-infra-container-image
    pod-infra-container-image: "k8s.gcr.io/pause:3.2"
 		# 生成kubelet服务证书
    generate_serving_certificate: true
    # 添加一些额外的参数
    extra_args:
      # 设置pod最大250,而不是默认的110
      max-pods: 250
    # 存储卷绑定
    extra_binds:
    - /grlocaldata:/grlocaldata:rw,z
  scheduler:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
  kubeproxy:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    win_extra_args: {}
    win_extra_binds: []
    win_extra_env: []
# x509认证策略
authentication:
  strategy: x509
  sans: []
  webhook: null
# Kubernetes 授权模式
# 使用 `mode: rbac` 开启 RBAC
# 使用 `mode: none` 关闭 授权
authorization:
  mode: rbac

# job 超时时间 30s
addon_job_timeout: 30

# 可选网络插件 (canal, calico, flannel, weave, or none)
network:
  plugin: flannel
  options: {}
  mtu: 0
  node_selector: {}
  update_strategy: null
  tolerations: []
  
# 可选DNS (coredns or kube-dns or null)
dns: null
# 指定监控供应商 (metrics-server)
monitoring:
  provider: none

以上配置基本上无需修改,大部分用户通过可视化配置即可满足需求。

如需修改,按照所需修改配置文件,例如:

  • 修改网络插件为 calico,修改 network.plugincalico

默认会从dockerhub拉取 calico镜像,如需自定义镜像地址请在 system_images 指定镜像地址

network:
  plugin: calico
  • 修改配置后,点击更新集群,等待集群更新完成即可。
文章目录