108 lines
3.1 KiB
Plaintext
108 lines
3.1 KiB
Plaintext
|
# ---------集群主要参数---------------
|
|||
|
|
MASTER_PORT: 6443
|
|||
|
|
|
|||
|
|
#TLS Bootstrapping 使用的 Token,使用 head -c 16 /dev/urandom | od -An -t x | tr -d ' ' 生成
|
|||
|
|
BOOTSTRAP_TOKEN: "0a3417df589e82d359ff6fc3d3c90fc0"
|
|||
|
|
|
|||
|
|
# 集群网络插件,目前支持calico
|
|||
|
|
CLUSTER_NETWORK: "calico"
|
|||
|
|
|
|||
|
|
# 服务网段 (Service CIDR),部署前路由不可达,部署后集群内使用 IP:Port 可达
|
|||
|
|
SERVICE_CIDR: "10.68.0.0/16"
|
|||
|
|
|
|||
|
|
# POD 网段 (Cluster CIDR),部署前路由不可达,**部署后**路由可达
|
|||
|
|
CLUSTER_CIDR: "172.20.0.0/16"
|
|||
|
|
|
|||
|
|
# 服务端口范围 (NodePort Range)
|
|||
|
|
NODE_PORT_RANGE: "10000-32767"
|
|||
|
|
|
|||
|
|
# kubernetes 服务 IP (预分配,一般是 SERVICE_CIDR 中第一个IP)
|
|||
|
|
CLUSTER_KUBERNETES_SVC_IP: "10.68.0.1"
|
|||
|
|
|
|||
|
|
# 集群 DNS 服务 IP (从 SERVICE_CIDR 中预分配)
|
|||
|
|
CLUSTER_DNS_SVC_IP: "10.68.0.2"
|
|||
|
|
|
|||
|
|
# 集群 DNS 域名
|
|||
|
|
CLUSTER_DNS_DOMAIN: "cluster.local."
|
|||
|
|
|
|||
|
|
#默认二进制文件目录
|
|||
|
|
bin_dir: "/opt/k8s/bin"
|
|||
|
|
|
|||
|
|
#集群安装目录
|
|||
|
|
cluster_dir: "/etc/kubernetes"
|
|||
|
|
|
|||
|
|
#证书目录
|
|||
|
|
ca_dir: "{{cluster_dir}}/ssl"
|
|||
|
|
|
|||
|
|
#部署目录,即 ansible 工作目录
|
|||
|
|
base_dir: "/etc/ansible"
|
|||
|
|
|
|||
|
|
#数据目录
|
|||
|
|
data_dir: "/data"
|
|||
|
|
|
|||
|
|
# 基础镜像
|
|||
|
|
k8s_pod_infra_container_image: toyangdon/pause-arm64:3.4.1
|
|||
|
|
|
|||
|
|
#存储卷类型
|
|||
|
|
storage_type: glusterfs
|
|||
|
|
|
|||
|
|
#默认主机名,要求唯一,默认规则:主机组名-主机ip最后一段 ,如果hosts文件中不是配置的ip(有可能是域名),那么就直接取域名
|
|||
|
|
NODE_ID: >-
|
|||
|
|
node-{{inventory_hostname.split('.')[3]}}
|
|||
|
|
|
|||
|
|
#资源限制
|
|||
|
|
#生产配置
|
|||
|
|
#KUBE_RESERVED: "{'cpu':'200m','memory':'500Mi','ephemeral-storage':'1Gi'}"
|
|||
|
|
system_reserved: >-
|
|||
|
|
{'cpu': '{{ ansible_processor_vcpus * 1000 * 0.08 }}m','memory': '{{ansible_memtotal_mb * 0.05}}Mi','ephemeral-storage':'500Mi'}
|
|||
|
|
kube_reserved: >-
|
|||
|
|
{'cpu': '{{ansible_processor_vcpus * 1000 * 0.08}}m','memory': '{{ansible_memtotal_mb * 0.05}}Mi','ephemeral-storage':'500Mi'}
|
|||
|
|
eviction_hard: >-
|
|||
|
|
{'memory.available': '{{ansible_memtotal_mb * 0.05}}Mi','nodefs.available':'5%','imagefs.available':'15%','nodefs.inodesFree': '5%'}
|
|||
|
|
|
|||
|
|
node_labels: >-
|
|||
|
|
{%- if NODE_LABELS is defined -%}{{NODE_LABELS}},{%- endif -%}
|
|||
|
|
{%- for group_name in group_names|reject("match","kube-cluster|kube-node") -%}node.kubernetes.io/{{group_name|replace("kube-","")}}=true{%- if not loop.last-%},{%- endif-%}{%- endfor -%}
|
|||
|
|
|
|||
|
|
node_taints: ""
|
|||
|
|
|
|||
|
|
#本地镜像仓库端口
|
|||
|
|
registry_port: 6550
|
|||
|
|
|
|||
|
|
BASE_IMAGE_URL: >-
|
|||
|
|
{{ groups['registry'][0]}}:{{registry_port}}
|
|||
|
|
|
|||
|
|
#docker insecure registry 如果有多个用逗号分开
|
|||
|
|
docker_insecure_registry: >-
|
|||
|
|
{{BASE_IMAGE_URL}}
|
|||
|
|
|
|||
|
|
#是否部署glusterfs
|
|||
|
|
deploy_gfs: >-
|
|||
|
|
{%- if groups['kube-storage-node']|length !=0 -%}true{%- else -%}false{%- endif -%}
|
|||
|
|
|
|||
|
|
#是否部署监控告警
|
|||
|
|
deploy_monitor: true
|
|||
|
|
|
|||
|
|
#是否离线
|
|||
|
|
deploy_offline: true
|
|||
|
|
|
|||
|
|
#是否部署本地镜像仓库
|
|||
|
|
deploy_docker_registry: true
|
|||
|
|
|
|||
|
|
#是否加载镜像
|
|||
|
|
load_images: true
|
|||
|
|
|
|||
|
|
#是否推送镜像
|
|||
|
|
push_images: true
|
|||
|
|
|
|||
|
|
|
|||
|
|
#工具镜像(证书)
|
|||
|
|
gw_tools_image: toyangdon/gw-tools:1.1
|
|||
|
|
|
|||
|
|
#证书生成命令
|
|||
|
|
#cfssl_cmd: "{{bin_dir}}/docker run --rm -v {{ ca_dir }}:/workdir {{ gw_tools_image }} sh -c"
|
|||
|
|
cfssl_cmd: "cd {{ ca_dir }} && export PATH=$PATH:{{bin_dir}} && sh -c"
|
|||
|
|
|
|||
|
|
#专有云业务镜像仓库
|
|||
|
|
CLOUD_IMAGE_URL: "{{BASE_IMAGE_URL}}"
|