mirror of https://github.com/easzlab/kubeasz.git
225 lines
6.6 KiB
YAML
225 lines
6.6 KiB
YAML
############################
|
||
# prepare
|
||
############################
|
||
# 可选离线安装系统软件包 (offline|online)
|
||
INSTALL_SOURCE: "online"
|
||
|
||
# 可选进行系统安全加固 github.com/dev-sec/ansible-collection-hardening
|
||
OS_HARDEN: false
|
||
|
||
# 设置时间源服务器【重要:集群内机器时间必须同步】
|
||
ntp_servers:
|
||
- "ntp1.aliyun.com"
|
||
- "time1.cloud.tencent.com"
|
||
- "0.cn.pool.ntp.org"
|
||
|
||
# 设置允许内部时间同步的网络段,比如"10.0.0.0/8",默认全部允许
|
||
local_network: "0.0.0.0/0"
|
||
|
||
|
||
############################
|
||
# role:deploy
|
||
############################
|
||
# default: ca will expire in 100 years
|
||
# default: certs issued by the ca will expire in 50 years
|
||
CA_EXPIRY: "876000h"
|
||
CERT_EXPIRY: "438000h"
|
||
|
||
# kubeconfig 配置参数
|
||
CLUSTER_NAME: "cluster1"
|
||
CONTEXT_NAME: "context-{{ CLUSTER_NAME }}"
|
||
|
||
|
||
############################
|
||
# role:etcd
|
||
############################
|
||
# 设置不同的wal目录,可以避免磁盘io竞争,提高性能
|
||
ETCD_DATA_DIR: "/var/lib/etcd"
|
||
ETCD_WAL_DIR: ""
|
||
|
||
|
||
############################
|
||
# role:runtime [containerd,docker]
|
||
############################
|
||
# ------------------------------------------- containerd
|
||
# [.]启用容器仓库镜像
|
||
ENABLE_MIRROR_REGISTRY: true
|
||
|
||
# [containerd]基础容器镜像
|
||
SANDBOX_IMAGE: "easzlab/pause-amd64:3.2"
|
||
|
||
# [containerd]容器持久化存储目录
|
||
CONTAINERD_STORAGE_DIR: "/var/lib/containerd"
|
||
|
||
# ------------------------------------------- docker
|
||
# [docker]容器存储目录
|
||
DOCKER_STORAGE_DIR: "/var/lib/docker"
|
||
|
||
# [docker]开启Restful API
|
||
ENABLE_REMOTE_API: false
|
||
|
||
# [docker]信任的HTTP仓库
|
||
INSECURE_REG: '["127.0.0.1/8"]'
|
||
|
||
|
||
############################
|
||
# role:kube-master
|
||
############################
|
||
# k8s 集群 master 节点证书配置,可以添加多个ip和域名(比如增加公网ip和域名)
|
||
MASTER_CERT_HOSTS:
|
||
- "10.1.1.1"
|
||
- "k8s.test.io"
|
||
#- "www.test.com"
|
||
|
||
# node 节点上 pod 网段掩码长度(决定每个节点最多能分配的pod ip地址)
|
||
# 如果flannel 使用 --kube-subnet-mgr 参数,那么它将读取该设置为每个节点分配pod网段
|
||
# https://github.com/coreos/flannel/issues/847
|
||
NODE_CIDR_LEN: 24
|
||
|
||
|
||
############################
|
||
# role:kube-node
|
||
############################
|
||
# Kubelet 根目录
|
||
KUBELET_ROOT_DIR: "/var/lib/kubelet"
|
||
|
||
# node节点最大pod 数
|
||
MAX_PODS: 110
|
||
|
||
# 配置为kube组件(kubelet,kube-proxy,dockerd等)预留的资源量
|
||
# 数值设置详见templates/kubelet-config.yaml.j2
|
||
KUBE_RESERVED_ENABLED: "yes"
|
||
|
||
# k8s 官方不建议草率开启 system-reserved, 除非你基于长期监控,了解系统的资源占用状况;
|
||
# 并且随着系统运行时间,需要适当增加资源预留,数值设置详见templates/kubelet-config.yaml.j2
|
||
# 系统预留设置基于 4c/8g 虚机,最小化安装系统服务,如果使用高性能物理机可以适当增加预留
|
||
# 另外,集群安装时候apiserver等资源占用会短时较大,建议至少预留1g内存
|
||
SYS_RESERVED_ENABLED: "no"
|
||
|
||
# haproxy balance mode
|
||
BALANCE_ALG: "roundrobin"
|
||
|
||
|
||
############################
|
||
# role:network [flannel,calico,cilium,kube-ovn,kube-router]
|
||
############################
|
||
# ------------------------------------------- flannel
|
||
# [flannel]设置flannel 后端"host-gw","vxlan"等
|
||
FLANNEL_BACKEND: "vxlan"
|
||
DIRECT_ROUTING: false
|
||
|
||
# [flannel] flanneld_image: "quay.io/coreos/flannel:v0.10.0-amd64"
|
||
flannelVer: "__flannel__"
|
||
flanneld_image: "easzlab/flannel:{{ flannelVer }}"
|
||
|
||
# [flannel]离线镜像tar包
|
||
flannel_offline: "flannel_{{ flannelVer }}.tar"
|
||
|
||
# ------------------------------------------- calico
|
||
# [calico]设置 CALICO_IPV4POOL_IPIP=“off”,可以提高网络性能,条件限制详见 docs/setup/calico.md
|
||
CALICO_IPV4POOL_IPIP: "Always"
|
||
|
||
# [calico]设置 calico-node使用的host IP,bgp邻居通过该地址建立,可手工指定也可以自动发现
|
||
IP_AUTODETECTION_METHOD: "can-reach={{ groups['kube_master'][0] }}"
|
||
|
||
# [calico]设置calico 网络 backend: brid, vxlan, none
|
||
CALICO_NETWORKING_BACKEND: "brid"
|
||
|
||
# [calico]更新支持calico 版本: [v3.3.x] [v3.4.x] [v3.8.x] [v3.15.x]
|
||
calico_ver: "__calico__"
|
||
|
||
# [calico]calico 主版本
|
||
calico_ver_main: "{{ calico_ver.split('.')[0] }}.{{ calico_ver.split('.')[1] }}"
|
||
|
||
# [calico]离线镜像tar包
|
||
calico_offline: "calico_{{ calico_ver }}.tar"
|
||
|
||
# ------------------------------------------- cilium
|
||
# [cilium]CILIUM_ETCD_OPERATOR 创建的 etcd 集群节点数 1,3,5,7...
|
||
ETCD_CLUSTER_SIZE: 1
|
||
|
||
# [cilium]镜像版本
|
||
cilium_ver: "__cilium__"
|
||
|
||
# [cilium]离线镜像tar包
|
||
cilium_offline: "cilium_{{ cilium_ver }}.tar"
|
||
|
||
# ------------------------------------------- kube-ovn
|
||
# [kube-ovn]选择 OVN DB and OVN Control Plane 节点,默认为第一个master节点
|
||
OVN_DB_NODE: "{{ groups['kube_master'][0] }}"
|
||
|
||
# [kube-ovn]离线镜像tar包
|
||
kube_ovn_ver: "__kube_ovn__"
|
||
kube_ovn_offline: "kube_ovn_{{ kube_ovn_ver }}.tar"
|
||
|
||
# ------------------------------------------- kube-router
|
||
# [kube-router]公有云上存在限制,一般需要始终开启 ipinip;自有环境可以设置为 "subnet"
|
||
OVERLAY_TYPE: "full"
|
||
|
||
# [kube-router]NetworkPolicy 支持开关
|
||
FIREWALL_ENABLE: "true"
|
||
|
||
# [kube-router]kube-router 镜像版本
|
||
kube_router_ver: "__kube_router__"
|
||
busybox_ver: "1.28.4"
|
||
|
||
# [kube-router]kube-router 离线镜像tar包
|
||
kuberouter_offline: "kube-router_{{ kube_router_ver }}.tar"
|
||
busybox_offline: "busybox_{{ busybox_ver }}.tar"
|
||
|
||
|
||
############################
|
||
# role:cluster-addon
|
||
############################
|
||
# coredns 自动安装
|
||
dns_install: "yes"
|
||
corednsVer: "__coredns__"
|
||
ENABLE_LOCAL_DNS_CACHE: true
|
||
dnsNodeCacheVer: "__dns_node_cache__"
|
||
# 设置 local dns cache 地址
|
||
LOCAL_DNS_CACHE: "169.254.20.10"
|
||
|
||
# metric server 自动安装
|
||
metricsserver_install: "yes"
|
||
metricsVer: "__metrics__"
|
||
|
||
# dashboard 自动安装
|
||
dashboard_install: "yes"
|
||
dashboardVer: "__dashboard__"
|
||
dashboardMetricsScraperVer: "__dash_metrics__"
|
||
|
||
# ingress 自动安装
|
||
ingress_install: "no"
|
||
ingress_backend: "traefik"
|
||
traefik_chart_ver: "__traefik_chart__"
|
||
|
||
# prometheus 自动安装
|
||
prom_install: "no"
|
||
prom_namespace: "monitor"
|
||
prom_chart_ver: "__prom_chart__"
|
||
|
||
# nfs-provisioner 自动安装
|
||
nfs_provisioner_install: "no"
|
||
nfs_provisioner_namespace: "kube-system"
|
||
nfs_provisioner_ver: "__nfs_provisioner__"
|
||
nfs_storage_class: "managed-nfs-storage"
|
||
nfs_server: "192.168.1.10"
|
||
nfs_path: "/data/nfs"
|
||
|
||
############################
|
||
# role:harbor
|
||
############################
|
||
# harbor version,完整版本号
|
||
HARBOR_VER: "__harbor__"
|
||
HARBOR_DOMAIN: "harbor.yourdomain.com"
|
||
HARBOR_TLS_PORT: 8443
|
||
|
||
# if set 'false', you need to put certs named harbor.pem and harbor-key.pem in directory 'down'
|
||
HARBOR_SELF_SIGNED_CERT: true
|
||
|
||
# install extra component
|
||
HARBOR_WITH_NOTARY: false
|
||
HARBOR_WITH_TRIVY: false
|
||
HARBOR_WITH_CLAIR: false
|
||
HARBOR_WITH_CHARTMUSEUM: true
|