15308555518/ kubekey
1
0
Fork 0
mirror of https://github.com/kubesphere/kubekey.git synced 2025-12-26 01:22:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
kubekey/docs/config-example.md
jojotong e03ba0abf2
Some checks failed
CI / Build (push) Has been cancelled
Details
Release Drafter / update_release_draft (push) Has been cancelled
Details
Sync Feature Branch to Main / sync-feature (push) Has been cancelled
Details
Kubernetes-Auto-Support / update-kubernetes-version (push) Has been cancelled
Details
Feat support config docker contaninerd data dir (#2500) 
* feat: split dataRoot to containerdDataDir and dockerDataDir

Signed-off-by: jojotong <sunlintongshuai@gmail.com>

* fix: config docker data dir when install harbor

Signed-off-by: jojotong <sunlintongshuai@gmail.com>

---------

Signed-off-by: jojotong <sunlintongshuai@gmail.com>
Co-authored-by: liujian <54946465+redscholar@users.noreply.github.com>
2025-02-26 07:17:10 +00:00

303 lines
13 KiB
Markdown
Raw Blame History

# Cluster Configuration Sample
```yaml
apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Cluster
metadata:
name: sample
spec:
hosts:
# Assume that the default port for SSH is 22. Otherwise, add the port number after the IP address.
# If you install Kubernetes on ARM, add "arch: arm64". For example, {...user: ubuntu, password: Qcloud@123, arch: arm64}.
- {name: node1, address: 172.16.0.2, internalAddress: "172.16.0.2,2022::2", port: 8022, user: ubuntu, password: "Qcloud@123"}
# For default root user.
# Kubekey will parse `labels` field and automatically label the node.
- {name: node2, address: 172.16.0.3, internalAddress: "172.16.0.3,2022::3", password: "Qcloud@123", labels: {disk: SSD, role: backend}}
# For password-less login with SSH keys.
- {name: node3, address: 172.16.0.4, internalAddress: "172.16.0.4,2022::4", privateKeyPath: "~/.ssh/id_rsa"}
roleGroups:
etcd:
- node1 # All the nodes in your cluster that serve as the etcd nodes.
master:
- node1
- node[2:10] # From node2 to node10. All the nodes in your cluster that serve as the master nodes.
worker:
- node1
- node[10:100] # All the nodes in your cluster that serve as the worker nodes.
## Specify the node role as registry. Only one node can be set as registry. For more information check docs/registry.md
registry:
- node1
controlPlaneEndpoint:
# Internal loadbalancer for apiservers. Support: haproxy, kube-vip [Default: ""]
internalLoadbalancer: haproxy
# Determines whether to use external dns to resolve the control-plane domain.
# If 'externalDNS' is set to 'true', the 'address' needs to be set to "".
externalDNS: false
domain: lb.kubesphere.local
# The IP address of your load balancer. If you use internalLoadblancer in "kube-vip" mode, a VIP is required here.
address: ""
port: 6443
system:
# The ntp servers of chrony.
ntpServers:
- time1.cloud.tencent.com
- ntp.aliyun.com
- node1 # Set the node name in `hosts` as ntp server if no public ntp servers access.
timezone: "Asia/Shanghai"
# Specify additional packages to be installed. The ISO file which is contained in the artifact is required.
rpms:
- nfs-utils
# Specify additional packages to be installed. The ISO file which is contained in the artifact is required.
debs:
- nfs-common
#preInstall: # Specify custom init shell scripts for each nodes, and execute according to the list order at the first stage.
# - name: format and mount disk
# bash: /bin/bash -x setup-disk.sh
# materials: # scripts can has some dependency materials. those will copy to the node
# - ./setup-disk.sh # the script which shell execute need
# - xxx # other tools materials need by this script
#postInstall: # Specify custom finish clean up shell scripts for each nodes after the Kubernetes install.
# - name: clean tmps files
# bash: |
# rm -fr /tmp/kubekey/*
#skipConfigureOS: true # Do not pre-configure the host OS (e.g. kernel modules, /etc/hosts, sysctl.conf, NTP servers, etc). You will have to set these things up via other methods before using KubeKey.
kubernetes:
#kubelet start arguments
#kubeletArgs:
# Directory path for managing kubelet files (volume mounts, etc).
# - --root-dir=/var/lib/kubelet
version: v1.21.5
# Optional extra Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.
apiserverCertExtraSans:
- 192.168.8.8
- lb.kubespheredev.local
# Container Runtime, support: containerd, cri-o, isula. [Default: docker]
containerManager: docker
clusterName: cluster.local
# Whether to install a script which can automatically renew the Kubernetes control plane certificates. [Default: false]
autoRenewCerts: true
# masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode. [Default: false].
masqueradeAll: false
# maxPods is the number of Pods that can run on this Kubelet. [Default: 110]
maxPods: 110
# podPidsLimit is the maximum number of PIDs in any pod. [Default: 10000]
podPidsLimit: 10000
# The internal network node size allocation. This is the size allocated to each node on your network. [Default: 24]
nodeCidrMaskSize: 24
# Specify which proxy mode to use. [Default: ipvs]
proxyMode: ipvs
# enable featureGates, [Default: {"ExpandCSIVolumes":true,"RotateKubeletServerCertificate": true,"CSIStorageCapacity":true, "TTLAfterFinished":true}]
featureGates:
CSIStorageCapacity: true
ExpandCSIVolumes: true
RotateKubeletServerCertificate: true
TTLAfterFinished: true
## support kata and NFD
# kata:
# enabled: true
# nodeFeatureDiscovery
# enabled: true
# additional kube-proxy configurations
kubeProxyConfiguration:
ipvs:
# CIDR's to exclude when cleaning up IPVS rules.
# necessary to put node cidr here when internalLoadbalancer=kube-vip and proxyMode=ipvs
# refer to: https://github.com/kubesphere/kubekey/issues/1702
excludeCIDRs:
- 172.16.0.2/24
etcd:
# Specify the type of etcd used by the cluster. When the cluster type is k3s, setting this parameter to kubeadm is invalid. [kubekey | kubeadm | external] [Default: kubekey]
type: kubekey
## The following parameters need to be added only when the type is set to external.
## caFile, certFile and keyFile need not be set, if TLS authentication is not enabled for the existing etcd.
# external:
# endpoints:
# - https://192.168.6.6:2379
# caFile: /pki/etcd/ca.crt
# certFile: /pki/etcd/etcd.crt
# keyFile: /pki/etcd/etcd.key
dataDir: "/var/lib/etcd"
# Time (in milliseconds) of a heartbeat interval.
heartbeatInterval: 250
# Time (in milliseconds) for an election to timeout.
electionTimeout: 5000
# Number of committed transactions to trigger a snapshot to disk.
snapshotCount: 10000
# Auto compaction retention for mvcc key value store in hour. 0 means disable auto compaction.
autoCompactionRetention: 8
# Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics.
metrics: basic
## Etcd has a default of 2G for its space quota. If you put a value in etcd_memory_limit which is less than
## etcd_quota_backend_bytes, you may encounter out of memory terminations of the etcd cluster. Please check
## etcd documentation for more information.
# 8G is a suggested maximum size for normal environments and etcd warns at startup if the configured value exceeds it.
quotaBackendBytes: 2147483648
# Maximum client request size in bytes the server will accept.
# etcd is designed to handle small key value pairs typical for metadata.
# Larger requests will work, but may increase the latency of other requests
maxRequestBytes: 1572864
# Maximum number of snapshot files to retain (0 is unlimited)
maxSnapshots: 5
# Maximum number of wal files to retain (0 is unlimited)
maxWals: 5
# Configures log level. Only supports debug, info, warn, error, panic, or fatal.
logLevel: info
network:
plugin: calico
calico:
ipipMode: Always # IPIP Mode to use for the IPv4 POOL created at start up. If set to a value other than Never, vxlanMode should be set to "Never". [Always | CrossSubnet | Never] [Default: Always]
vxlanMode: Never # VXLAN Mode to use for the IPv4 POOL created at start up. If set to a value other than Never, ipipMode should be set to "Never". [Always | CrossSubnet | Never] [Default: Never]
vethMTU: 0 # The maximum transmission unit (MTU) setting determines the largest packet size that can be transmitted through your network. By default, MTU is auto-detected. [Default: 0]
kubePodsCIDR: 10.233.64.0/18,fd85:ee78:d8a6:8607::1:0000/112
kubeServiceCIDR: 10.233.0.0/18,fd85:ee78:d8a6:8607::1000/116
storage:
openebs:
basePath: /var/openebs/local # base path of the local PV provisioner
registry:
registryMirrors: []
insecureRegistries: []
privateRegistry: "dockerhub.kubekey.local"
namespaceOverride: ""
auths: # if docker add by `docker login`, if containerd append to `/etc/containerd/config.toml`
"dockerhub.kubekey.local":
username: "xxx"
password: "***"
skipTLSVerify: false # Allow contacting registries over HTTPS with failed TLS verification.
plainHTTP: false # Allow contacting registries over HTTP.
certsPath: "/etc/docker/certs.d/dockerhub.kubekey.local" # Use certificates at path (*.crt, *.cert, *.key) to connect to the registry.
containerdDataDir: /var/lib/containerd
dockerDataDir: /var/lib/docker
registryDataDir: /mnt/registry
# define a policy to modify image namespace, the policy below will be like:
# namespace1 -> library
# kubesphere -> library/kubesphere
namespaceRewrite:
policy: changePrefix
src:
- namespace1
dest: library
addons: [] # You can install cloud-native addons (Chart or YAML) by using this field.
#dns:
# ## Optional hosts file content to coredns use as /etc/hosts file.
# dnsEtcHosts: |
# 192.168.0.100 api.example.com
# 192.168.0.200 ingress.example.com
# coredns:
# ## additionalConfigs adds any extra configuration to coredns
# additionalConfigs: |
# whoami
# log
# ## Array of optional external zones to coredns forward queries to. It's injected into coredns' config file before
# ## default kubernetes zone. Use it as an optimization for well-known zones and/or internal-only domains, i.e. VPN for internal networks (default is unset)
# externalZones:
# - zones:
# - example.com
# - example.io:1053
# nameservers:
# - 1.1.1.1
# - 2.2.2.2
# cache: 5
# - zones:
# - mycompany.local:4453
# nameservers:
# - 192.168.0.53
# cache: 10
# - zones:
# - mydomain.tld
# nameservers:
# - 10.233.0.3
# cache: 5
# rewrite:
# - name substring website.tld website.namespace.svc.cluster.local
# ## Rewrite plugin block to perform internal message rewriting.
# rewriteBlock: |
# rewrite stop {
# name regex (.*)\.my\.domain {1}.svc.cluster.local
# answer name (.*)\.svc\.cluster\.local {1}.my.domain
# }
# ## DNS servers to be added *after* the cluster DNS. These serve as backup
# ## DNS servers in early cluster deployment when no cluster DNS is available yet.
# upstreamDNSServers:
# - 8.8.8.8
# - 1.2.4.8
# - 114.114.114.114
# nodelocaldns:
# ## It's possible to extent the nodelocaldns' configuration by adding an array of external zones.
# externalZones:
# - zones:
# - example.com
# - example.io:1053
# nameservers:
# - 1.1.1.1
# - 2.2.2.2
# cache: 5
# - zones:
# - mycompany.local:4453
# nameservers:
# - 192.168.0.53
# cache: 10
# - zones:
# - mydomain.tld
# nameservers:
# - 10.233.0.3
# cache: 5
# rewrite:
# - name substring website.tld website.namespace.svc.cluster.local
```
# Network Configuration sample
## Hybridnet
To learn more about hybridnet, check out https://github.com/alibaba/hybridnet
```yaml
network:
plugin: hybridnet
hybridnet:
defaultNetworkType: Overlay
enableNetworkPolicy: false
init: false
preferVxlanInterfaces: eth0
preferVlanInterfaces: eth0
preferBGPInterfaces: eth0
networks:
- name: "net1"
type: Underlay
nodeSelector:
network: "net1"
subnets:
- name: "subnet-10"
netID: 10
cidr: "192.168.10.0/24"
gateway: "192.168.10.1"
- name: "subnet-11"
netID: 11
cidr: "192.168.11.0/24"
gateway: "192.168.11.1"
- name: "net2"
type: Underlay
nodeSelector:
network: "net2"
subnets:
- name: "subnet-30"
netID: 30
cidr: "192.168.30.0/24"
gateway: "192.168.30.1"
- name: "subnet-31"
netID: 31
cidr: "192.168.31.0/24"
gateway: "192.168.31.1"
- name: "net3"
type: Underlay
netID: 0
nodeSelector:
network: "net3"
subnets:
- name: "subnet-50"
cidr: "192.168.50.0/24"
gateway: "192.168.50.1"
start: "192.168.50.100"
end: "192.168.50.200"
reservedIPs: ["192.168.50.101","192.168.50.102"]
excludeIPs: ["192.168.50.111","192.168.50.112"]
```
Reference in New Issue View Git Blame Copy Permalink