# --------- Main cluster parameters ---------------
# NOTE(review): presumably the kube-apiserver secure port - confirm against the master role.
MASTER_PORT: 6443

# Token used for TLS bootstrapping. Generate it with:
#   head -c 16 /dev/urandom | od -An -t x | tr -d ' '
# NOTE(review): the value below is committed in plain text, so everyone who can
# read this file holds it. Treat it as a sample: replace it before deploying
# and keep the real token in an encrypted store such as Ansible Vault.
BOOTSTRAP_TOKEN: '0a3417df589e82d359ff6fc3d3c90fc0'

# Cluster network plugin; only calico is supported at present.
CLUSTER_NETWORK: 'calico'

# Service CIDR: not routable before deployment; after deployment it is
# reachable inside the cluster via IP:Port.
SERVICE_CIDR: '10.68.0.0/16'

# Pod CIDR (cluster CIDR): not routable before deployment, routable **after** deployment.
CLUSTER_CIDR: '172.20.0.0/16'

# Service port range (NodePort range).
# NOTE(review): this range starts at 10000, so it includes ports that node
# components commonly listen on (the kubelet defaults to 10250). Confirm that
# no host listener on the nodes falls inside the range, or narrow it.
NODE_PORT_RANGE: '10000-32767'

# IP of the kubernetes service (pre-allocated; normally the first IP in SERVICE_CIDR).
CLUSTER_KUBERNETES_SVC_IP: '10.68.0.1'

# IP of the cluster DNS service (pre-allocated from SERVICE_CIDR).
CLUSTER_DNS_SVC_IP: '10.68.0.2'

# Cluster DNS domain.
CLUSTER_DNS_DOMAIN: 'cluster.local.'

# Default directory for binaries.
bin_dir: '/opt/k8s/bin'

# Cluster installation directory.
cluster_dir: '/etc/kubernetes'

# Certificate directory.
# NOTE(review): presumably also holds private keys - confirm that the roles
# creating it restrict its ownership and mode.
ca_dir: '{{cluster_dir}}/ssl'

# Deployment directory, i.e. the ansible working directory.
base_dir: '/etc/ansible'

# Data directory.
data_dir: '/data'

# Base (pod infra) image.
# NOTE(review): referenced by tag only, and a tag can be re-pointed at a
# different image. Pinning by digest (name@sha256:<digest-placeholder>) or
# serving it from the local registry fixes what the nodes actually run.
k8s_pod_infra_container_image: 'toyangdon/pause-arm64:3.4.1'

# Storage volume type.
storage_type: 'glusterfs'

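# Default host name; it must be unique within the cluster.
# Rule: when the inventory host is a dotted IPv4 address the name is
# "node-<last octet>"; when it is anything else (for example a domain name)
# the inventory host name is used unchanged.
# The explicit IPv4 test matters: split('.')[3] on a name with fewer than four
# dot-separated parts fails, and on a longer domain it would pick an arbitrary
# label, which does not guarantee a unique node name.
# NOTE(review): the original comment describes the prefix as the host group
# name, but the template uses the literal "node-" - confirm which is intended.
NODE_ID: >-
  {%- if inventory_hostname is match('^[0-9]+([.][0-9]+){3}$') -%}
  node-{{inventory_hostname.split('.')[3]}}
  {%- else -%}
  {{inventory_hostname}}
  {%- endif -%}
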
# Resource limits
# Production configuration
#KUBE_RESERVED: "{'cpu':'200m','memory':'500Mi','ephemeral-storage':'1Gi'}"
# Each value below is a dict-shaped string built from host facts:
# cpu is 8% of the vCPU count expressed in millicores, memory is 5% of
# ansible_memtotal_mb, and ephemeral-storage is a fixed 500Mi.
# NOTE(review): presumably fed to the kubelet's system-reserved setting - confirm in the kubelet template.
system_reserved: >-
  {'cpu': '{{ ansible_processor_vcpus * 1000 * 0.08 }}m','memory': '{{ansible_memtotal_mb * 0.05}}Mi','ephemeral-storage':'500Mi'}
# Same formula as system_reserved.
# NOTE(review): presumably fed to the kubelet's kube-reserved setting - confirm in the kubelet template.
kube_reserved: >-
  {'cpu': '{{ansible_processor_vcpus * 1000 * 0.08}}m','memory': '{{ansible_memtotal_mb * 0.05}}Mi','ephemeral-storage':'500Mi'}
# Thresholds: available memory at 5% of ansible_memtotal_mb, nodefs at 5%
# free space and 5% free inodes, imagefs at 15% free space.
# NOTE(review): presumably the kubelet hard-eviction thresholds - confirm in the kubelet template.
eviction_hard: >-
  {'memory.available': '{{ansible_memtotal_mb * 0.05}}Mi','nodefs.available':'5%','imagefs.available':'15%','nodefs.inodesFree': '5%'}

# Comma-separated node labels. The value starts with NODE_LABELS when that
# variable is defined, then adds node.kubernetes.io/<group>=true for every
# inventory group of the host whose name does not match
# kube-cluster|kube-node at its start; every "kube-" in the group name is removed.
# The whitespace-control markers (-%} and {%-) keep the two template lines
# from introducing spaces into the rendered value.
# NOTE(review): when NODE_LABELS is defined and no group passes the filter, the
# rendered value ends with a trailing comma - confirm the consumer accepts that.
node_labels: >-
  {%- if NODE_LABELS is defined -%}{{NODE_LABELS}},{%- endif -%}
  {%- for group_name in group_names|reject("match","kube-cluster|kube-node") -%}node.kubernetes.io/{{group_name|replace("kube-","")}}=true{%- if not loop.last-%},{%- endif-%}{%- endfor -%}

# Node taints; empty by default.
node_taints: ""

# Port of the local image registry.
registry_port: 6550

BASE_IMAGE_URL: 'dev-docker-registry.ccyunchina.com'

# Docker insecure registries; separate several entries with commas.
# NOTE(review): presumably written into the Docker daemon's insecure-registries
# list. For registries on that list Docker does not require verified TLS, so
# image pulls from BASE_IMAGE_URL are not protected against tampering in
# transit. Prefer giving the registry a certificate the nodes trust and
# leaving this empty.
docker_insecure_registry: '{{BASE_IMAGE_URL}}'

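# Whether to deploy glusterfs: renders "true" when the kube-storage-node
# inventory group has at least one host, otherwise "false".
# default([]) keeps the template from failing when the inventory does not
# define the kube-storage-node group at all; an absent group counts as empty.
deploy_gfs: >-
  {%- if (groups['kube-storage-node'] | default([])) | length != 0 -%}true{%- else -%}false{%- endif -%}
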
# Whether to deploy monitoring and alerting.
deploy_monitor: true

# Whether this is an offline deployment.
deploy_offline: true

# Whether to deploy the local image registry.
deploy_docker_registry: true

# Whether to load images.
load_images: false

# Whether to push images.
push_images: false

# Tools image (certificates).
# NOTE(review): referenced by tag only; pin by digest
# (name@sha256:<digest-placeholder>) if this image is used to issue certificates.
gw_tools_image: 'toyangdon/gw-tools:1.1'

# Certificate generation command.
#cfssl_cmd: "{{bin_dir}}/docker run --rm -v {{ ca_dir }}:/workdir {{ gw_tools_image }} sh -c"
# ca_dir and bin_dir are substituted unquoted into this shell line, so both
# must stay free of spaces and shell metacharacters.
cfssl_cmd: 'cd {{ ca_dir }} && export PATH=$PATH:{{bin_dir}} && sh -c'

# Image registry for the private-cloud business images.
CLOUD_IMAGE_URL: 'dev-docker-registry.ccyunchina.com'