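# Network (CNI) plugin: calico, weave or flannel.
kube_network_plugin: calico

# Address range that Service cluster IPs are allocated from.
# Must not overlap with kube_pods_subnet or with the node network.
kube_service_addresses: 10.233.0.0/18

# Address range that pod IPs are allocated from.
kube_pods_subnet: 10.233.64.0/18

# Network size allocated to each node, as a prefix length.
kube_network_node_prefix: 24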
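# API server listen address and ports.
# kube_apiserver_ip evaluates to the first address of kube_service_addresses.
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
kube_apiserver_port: 6443  # (https)
# NOTE(review): the insecure port serves plain HTTP and bypasses API server
# authentication and authorization. The bind address is not set in this file;
# confirm it is loopback-only and that 8080 is unreachable from other hosts.
kube_apiserver_insecure_port: 8080  # (http)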
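# Default DNS suffix (cluster domain).
cluster_name: cluster.local
# Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
ndots: 2
# DNS component: dnsmasq_kubedns or kubedns
dns_mode: dnsmasq_kubedns
# Can be docker_dns, host_resolvconf or none
resolvconf_mode: docker_dns
# Deploy netchecker to check DNS and HTTP status.
deploy_netchecker: false
# skydns service IP configuration: the DNS service IPs are the third and
# second addresses of kube_service_addresses respectively.
skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
dns_domain: "{{ cluster_name }}"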
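# Extra options for the docker daemon. By default the matching configuration
# is created under /etc/systemd/system/docker.service.d/. If docker is already
# installed on the node with its own settings (for example devicemapper
# enabled), change this value and add those devicemapper parameters here:
# kargo overwrites the systemd service file, so options configured only in the
# service are wiped and docker ends up unable to start.
## A string of extra options to pass to the docker daemon.
## This string should be exactly as you wish it to appear.
## An obvious use case is allowing insecure-registry access
## to self hosted registries like so:
# NOTE(review): --insecure-registry over the whole service range lets the
# daemon talk to any registry at those addresses over plain HTTP or with
# unverified TLS, so image integrity in transit is not protected. Narrow it to
# the registry actually used, or serve that registry over TLS and drop the flag.
# NOTE(review): --iptables=false stops docker from managing iptables rules;
# filtering is then presumably left to the network plugin and host firewall.
docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} --iptables=false"
docker_bin_dir: "/usr/bin"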
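# Component deployment method.
# Settings for containerized control plane (etcd/kubelet/secrets)
etcd_deployment_type: docker
kubelet_deployment_type: docker
cert_management: script
vault_deployment_type: docker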
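# Network (CNI) plugin: calico, weave or flannel.
kube_network_plugin: calico

# Address range that Service cluster IPs are allocated from.
# Must not overlap with kube_pods_subnet or with the node network.
kube_service_addresses: 10.233.0.0/18

# Address range that pod IPs are allocated from.
kube_pods_subnet: 10.233.64.0/18

# Network size allocated to each node, as a prefix length.
kube_network_node_prefix: 24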
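# API server listen address and ports.
# kube_apiserver_ip evaluates to the first address of kube_service_addresses.
kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}"
kube_apiserver_port: 6443  # (https)
# NOTE(review): the insecure port serves plain HTTP and bypasses API server
# authentication and authorization. The bind address is not set in this file;
# confirm it is loopback-only and that 8080 is unreachable from other hosts.
kube_apiserver_insecure_port: 8080  # (http)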
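# Default DNS suffix (cluster domain).
cluster_name: cluster.local
# Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
ndots: 2
# DNS component: dnsmasq_kubedns or kubedns
dns_mode: dnsmasq_kubedns
# Can be docker_dns, host_resolvconf or none
resolvconf_mode: docker_dns
# Deploy netchecker to check DNS and HTTP status.
deploy_netchecker: true
# skydns service IP configuration: the DNS service IPs are the third and
# second addresses of kube_service_addresses respectively.
skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}"
dns_domain: "{{ cluster_name }}"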
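# Extra options for the docker daemon. By default the matching configuration
# is created under /etc/systemd/system/docker.service.d/. If docker is already
# installed on the node with its own settings (for example device mapper
# enabled), delete or change this value so that conflicting options do not
# leave docker unable to start.
## A string of extra options to pass to the docker daemon.
## This string should be exactly as you wish it to appear.
## An obvious use case is allowing insecure-registry access
## to self hosted registries like so:
# NOTE(review): --insecure-registry over the whole service range lets the
# daemon talk to any registry at those addresses over plain HTTP or with
# unverified TLS, so image integrity in transit is not protected. Narrow it to
# the registry actually used, or serve that registry over TLS and drop the flag.
# NOTE(review): --iptables=false stops docker from managing iptables rules;
# filtering is then presumably left to the network plugin and host firewall.
# The devicemapper options below point at an existing thin pool device; the
# pool has to be present on every node this value is applied to.
docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} --iptables=false --storage-driver=devicemapper --storage-opt=dm.thinpooldev=/dev/mapper/docker-thinpool --storage-opt dm.use_deferred_removal=true --storage-opt=dm.use_deferred_deletion=true"
docker_bin_dir: "/usr/bin"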
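# Component deployment method.
# Settings for containerized control plane (etcd/kubelet/secrets)
etcd_deployment_type: docker
kubelet_deployment_type: docker
cert_management: script
vault_deployment_type: docker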