kubeasz/example/config.yml

223 lines
7.1 KiB
YAML
Raw Normal View History

2020-12-25 11:53:00 +08:00
############################
2021-01-19 23:35:31 +08:00
# prepare
2020-12-25 11:53:00 +08:00
############################
# 可选离线安装系统软件包 (offline|online)
INSTALL_SOURCE: "online"
2021-01-19 23:35:31 +08:00
# 可选进行系统安全加固 github.com/dev-sec/ansible-collection-hardening
OS_HARDEN: false
2020-12-25 11:53:00 +08:00
############################
# role:deploy
############################
# default: ca will expire in 100 years
# default: certs issued by the ca will expire in 50 years
CA_EXPIRY: "876000h"
CERT_EXPIRY: "438000h"
# force to recreate CA and other certs, not suggested to set 'true'
CHANGE_CA: false
# kubeconfig 配置参数
2020-12-25 11:53:00 +08:00
CLUSTER_NAME: "cluster1"
CONTEXT_NAME: "context-{{ CLUSTER_NAME }}"
2020-12-25 11:53:00 +08:00
# k8s version
K8S_VER: "__k8s_ver__"
2020-12-25 11:53:00 +08:00
# set unique 'k8s_nodename' for each node, if not set(default:'') ip add will be used
# CAUTION: 'k8s_nodename' must consist of lower case alphanumeric characters, '-' or '.',
# and must start and end with an alphanumeric character (e.g. 'example.com'),
# regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
K8S_NODENAME: "{%- if k8s_nodename != '' -%} \
{{ k8s_nodename|replace('_', '-')|lower }} \
{%- else -%} \
{{ inventory_hostname }} \
{%- endif -%}"
2021-02-09 17:40:04 +08:00
############################
# role:etcd
############################
# 设置不同的wal目录可以避免磁盘io竞争提高性能
ETCD_DATA_DIR: "/var/lib/etcd"
ETCD_WAL_DIR: ""
2020-12-25 11:53:00 +08:00
############################
# role:runtime [containerd,docker]
############################
2020-12-30 11:25:54 +08:00
# ------------------------------------------- containerd
2020-12-25 11:53:00 +08:00
# [.]启用容器仓库镜像
ENABLE_MIRROR_REGISTRY: true
# [containerd]基础容器镜像
2022-06-09 22:33:46 +08:00
SANDBOX_IMAGE: "easzlab.io.local:5000/easzlab/pause:__pause__"
2020-12-25 11:53:00 +08:00
# [containerd]容器持久化存储目录
CONTAINERD_STORAGE_DIR: "/var/lib/containerd"
2020-12-30 11:25:54 +08:00
# ------------------------------------------- docker
2020-12-25 11:53:00 +08:00
# [docker]容器存储目录
DOCKER_STORAGE_DIR: "/var/lib/docker"
# [docker]开启Restful API
ENABLE_REMOTE_API: false
# [docker]信任的HTTP仓库
2023-05-02 17:11:18 +08:00
INSECURE_REG:
- "http://easzlab.io.local:5000"
- "https://{{ HARBOR_REGISTRY }}"
2020-12-25 11:53:00 +08:00
############################
# role:kube-master
############################
# k8s 集群 master 节点证书配置可以添加多个ip和域名比如增加公网ip和域名
MASTER_CERT_HOSTS:
- "10.1.1.1"
2022-06-09 22:33:46 +08:00
- "k8s.easzlab.io"
2020-12-25 11:53:00 +08:00
#- "www.test.com"
# node 节点上 pod 网段掩码长度决定每个节点最多能分配的pod ip地址
# 如果flannel 使用 --kube-subnet-mgr 参数那么它将读取该设置为每个节点分配pod网段
# https://github.com/coreos/flannel/issues/847
NODE_CIDR_LEN: 24
############################
# role:kube-node
############################
# Kubelet 根目录
KUBELET_ROOT_DIR: "/var/lib/kubelet"
# node节点最大pod 数
MAX_PODS: 110
# 配置为kube组件kubelet,kube-proxy,dockerd等预留的资源量
# 数值设置详见templates/kubelet-config.yaml.j2
KUBE_RESERVED_ENABLED: "no"
2020-12-25 11:53:00 +08:00
# k8s 官方不建议草率开启 system-reserved, 除非你基于长期监控,了解系统的资源占用状况;
# 并且随着系统运行时间需要适当增加资源预留数值设置详见templates/kubelet-config.yaml.j2
# 系统预留设置基于 4c/8g 虚机,最小化安装系统服务,如果使用高性能物理机可以适当增加预留
# 另外集群安装时候apiserver等资源占用会短时较大建议至少预留1g内存
SYS_RESERVED_ENABLED: "no"
############################
# role:network [flannel,calico,cilium,kube-ovn,kube-router]
############################
2020-12-30 11:25:54 +08:00
# ------------------------------------------- flannel
2020-12-25 11:53:00 +08:00
# [flannel]设置flannel 后端"host-gw","vxlan"等
FLANNEL_BACKEND: "vxlan"
DIRECT_ROUTING: false
2022-09-15 19:53:06 +08:00
# [flannel]
flannel_ver: "__flannel__"
2020-12-25 11:53:00 +08:00
2020-12-30 11:25:54 +08:00
# ------------------------------------------- calico
# [calico] IPIP隧道模式可选项有: [Always, CrossSubnet, Never],跨子网可以配置为Always与CrossSubnet(公有云建议使用always比较省事其他的话需要修改各自公有云的网络配置具体可以参考各个公有云说明)
# 其次CrossSubnet为隧道+BGP路由混合模式可以提升网络性能同子网配置为Never即可.
2020-12-25 11:53:00 +08:00
CALICO_IPV4POOL_IPIP: "Always"
# [calico]设置 calico-node使用的host IPbgp邻居通过该地址建立可手工指定也可以自动发现
IP_AUTODETECTION_METHOD: "can-reach={{ groups['kube_master'][0] }}"
2020-12-25 11:53:00 +08:00
# [calico]设置calico 网络 backend: brid, vxlan, none
CALICO_NETWORKING_BACKEND: "brid"
# [calico]设置calico 是否使用route reflectors
# 如果集群规模超过50个节点建议启用该特性
CALICO_RR_ENABLED: false
# CALICO_RR_NODES 配置route reflectors的节点如果未设置默认使用集群master节点
# CALICO_RR_NODES: ["192.168.1.1", "192.168.1.2"]
CALICO_RR_NODES: []
2022-09-08 21:10:33 +08:00
# [calico]更新支持calico 版本: ["3.19", "3.23"]
2020-12-30 11:25:54 +08:00
calico_ver: "__calico__"
2020-12-25 11:53:00 +08:00
# [calico]calico 主版本
calico_ver_main: "{{ calico_ver.split('.')[0] }}.{{ calico_ver.split('.')[1] }}"
2020-12-30 11:25:54 +08:00
# ------------------------------------------- cilium
2020-12-25 11:53:00 +08:00
# [cilium]镜像版本
2020-12-30 11:25:54 +08:00
cilium_ver: "__cilium__"
2022-06-18 08:27:12 +08:00
cilium_connectivity_check: true
2022-07-02 22:51:49 +08:00
cilium_hubble_enabled: false
2022-07-02 21:52:48 +08:00
cilium_hubble_ui_enabled: false
2020-12-25 11:53:00 +08:00
2020-12-30 11:25:54 +08:00
# ------------------------------------------- kube-ovn
2020-12-25 11:53:00 +08:00
# [kube-ovn]选择 OVN DB and OVN Control Plane 节点默认为第一个master节点
OVN_DB_NODE: "{{ groups['kube_master'][0] }}"
2020-12-25 11:53:00 +08:00
# [kube-ovn]离线镜像tar包
2020-12-30 11:25:54 +08:00
kube_ovn_ver: "__kube_ovn__"
2020-12-25 11:53:00 +08:00
2020-12-30 11:25:54 +08:00
# ------------------------------------------- kube-router
2020-12-25 11:53:00 +08:00
# [kube-router]公有云上存在限制,一般需要始终开启 ipinip自有环境可以设置为 "subnet"
OVERLAY_TYPE: "full"
# [kube-router]NetworkPolicy 支持开关
2022-06-18 08:27:12 +08:00
FIREWALL_ENABLE: true
2020-12-25 11:53:00 +08:00
# [kube-router]kube-router 镜像版本
2020-12-30 11:25:54 +08:00
kube_router_ver: "__kube_router__"
2020-12-25 11:53:00 +08:00
busybox_ver: "1.28.4"
############################
# role:cluster-addon
############################
2020-12-30 11:25:54 +08:00
# coredns 自动安装
2020-12-25 11:53:00 +08:00
dns_install: "yes"
2020-12-30 11:25:54 +08:00
corednsVer: "__coredns__"
2021-01-13 21:27:18 +08:00
ENABLE_LOCAL_DNS_CACHE: true
dnsNodeCacheVer: "__dns_node_cache__"
# 设置 local dns cache 地址
LOCAL_DNS_CACHE: "169.254.20.10"
2020-12-25 11:53:00 +08:00
# metric server 自动安装
metricsserver_install: "yes"
2020-12-30 11:25:54 +08:00
metricsVer: "__metrics__"
2020-12-25 11:53:00 +08:00
# dashboard 自动安装
dashboard_install: "yes"
2020-12-30 11:25:54 +08:00
dashboardVer: "__dashboard__"
dashboardMetricsScraperVer: "__dash_metrics__"
2020-12-25 11:53:00 +08:00
2021-01-11 11:12:14 +08:00
# prometheus 自动安装
prom_install: "no"
prom_namespace: "monitor"
prom_chart_ver: "__prom_chart__"
2020-12-25 11:53:00 +08:00
2021-03-27 00:09:42 +08:00
# nfs-provisioner 自动安装
nfs_provisioner_install: "no"
nfs_provisioner_namespace: "kube-system"
nfs_provisioner_ver: "__nfs_provisioner__"
nfs_storage_class: "managed-nfs-storage"
nfs_server: "192.168.1.10"
nfs_path: "/data/nfs"
2022-06-17 16:29:23 +08:00
# network-check 自动安装
2022-06-24 19:50:06 +08:00
network_check_enabled: false
2022-06-17 16:29:23 +08:00
network_check_schedule: "*/5 * * * *"
2020-12-25 11:53:00 +08:00
############################
# role:harbor
############################
# harbor version完整版本号
2021-02-08 21:23:00 +08:00
HARBOR_VER: "__harbor__"
2022-06-09 22:33:46 +08:00
HARBOR_DOMAIN: "harbor.easzlab.io.local"
2022-12-16 09:24:25 +08:00
HARBOR_PATH: /var/data
2021-02-08 21:23:00 +08:00
HARBOR_TLS_PORT: 8443
HARBOR_REGISTRY: "{{ HARBOR_DOMAIN }}:{{ HARBOR_TLS_PORT }}"
2021-02-08 21:23:00 +08:00
# if set 'false', you need to put certs named harbor.pem and harbor-key.pem in directory 'down'
HARBOR_SELF_SIGNED_CERT: true
# install extra component
HARBOR_WITH_NOTARY: false
HARBOR_WITH_TRIVY: false
HARBOR_WITH_CHARTMUSEUM: true