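# be sure to add all "required" values...

# amazonec2, azure, digitalocean, harvester, vsphere, custom
# https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider
cloudprovider: harvester # required

# cloud provider credentials (example: aws-creds)
cloudCredentialSecretName: cc-9ktwg # required

# rancher manager url
rancher:
  cattle:
    url: rancher.bessems.lan # (example: rancher.example.com)

# cluster values
cluster:
  # labels:
  #   key: value
  # annotations:
  #   key: value
  name: test-rke2-001 # required (example: rke2-cluster-001)
  config:
    kubernetesVersion: v1.34.2+rke2r1 # https://github.com/rancher/rke2/releases
    enableNetworkPolicy: true
    localClusterAuthEndpoint:
      enabled: false
    # additionalManifests: |-
    #   apiVersion: v1
    #   kind: Pod
    #   metadata:
    #     name: example-manifest
    #   spec:
    #     containers:
    #       - name: example
    #         image: example:1.0.0
    #         ports:
    #           - containerPort: 80
    # agentEnvVars:
    #   - name: A
    #     value: B
    # defaultClusterRoleForProjectMembers: ''
    # defaultPodSecurityAdmissionConfigurationTemplateName: ''
    # defaultPodSecurityPolicyTemplateName: ''
    # etcd:
    #   disableSnapshots: false
    #   snapshotRetention: 5
    #   snapshotScheduleCron: 0 */5 * * *
    #   s3:
    #     bucket: rancherbackups
    #     cloudCredentialSecretName: minio-creds
    #     folder: rancher
    #     region: dummyregion
    #     skipSSLVerify: false
    #     endpoint: # minio.example.com
    #     endpointCA: |-
    #       -----BEGIN CERTIFICATE-----
    #       -----END CERTIFICATE-----
    globalConfig:
      # systemDefaultRegistry: docker.io # default registry
      systemDefaultRegistry: code.spamasaurus.com # default registry
      cni: canal # canal, calico, cilium, multus,canal, multus,calico, multus,cilium
      # cluster-cidr: 10.42.0.0/16 # https://docs.rke2.io/networking/basic_network_options
      # service-cidr: 10.43.0.0/16 # https://docs.rke2.io/networking/basic_network_options
      docker: false
      # token: ''
      # tls_san:
      #   - url
      #   - ip
      # disable:
      #   - rke2-coredns
      #   - rke2-ingress-nginx
      #   - rke2-metrics-server
      disable_scheduler: false
      disable_cloud_controller: false
      disable_kube_proxy: false
      etcd_expose_metrics: false
      # NOTE(review): profile, selinux, secrets_encryption and protect_kernel_defaults are all
      # left empty/false below, i.e. none of the hardening switches is on; check them against
      # the hardening guide linked on `profile` before using this template outside a lab.
      profile: '' # cis, cis-1.23, or cis-1.6 # https://docs.rke2.io/security/hardening_guide
      selinux: false # rke2-selinux and container-selinux must be installed on the nodes # https://docs.rke2.io/security/selinux
      secrets_encryption: false
      # quoted on purpose: an unquoted 0600 is parsed as an integer (octal, 384, under YAML 1.1
      # parsers; decimal 600 under 1.2), so the rendered value would no longer be the mode string 0600
      write_kubeconfig_mode: '0600'
      use_service_account_credentials: false
      protect_kernel_defaults: false
      cloud_provider_name: '' # https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers
      # cloud_provider_config: '' # cloud provider config secret here (example: secret://fleet-default:cloudprovider)
      # kube_controller_manager_arg:
      #   - kube controller manager arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager)
      # kube_scheduler_arg:
      #   - kube scheduler arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler)
      # kube_apiserver_arg:
      #   - kube apiserver arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver)
      # kube_proxy_arg:
      #   - kube proxy arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy)
      # kubelet_arg:
      #   - kubelet arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet)
    # controlPlaneConfig: # same options as globalConfig # only will apply to the control plane nodes
    # workerConfig: # same options as globalConfig # only will apply to the worker nodes
    registries:
      enabled: true
      # configs:
      #   - name: registry.example.com
      #     authConfigSecretName: registry-creds
      #     caBundle: ''
      #     insecureSkipVerify: false
      #     tlsSecretName: ''
      mirrors:
        - name: "code.spamasaurus.com"
          endpoints:
            - "https://code.spamasaurus.com"
          rewrite:
            "^([^/]+.*)": "default/$1"
    upgradeStrategy:
      controlPlaneConcurrency: 10%
      controlPlaneDrainOptions:
        enabled: false
        # deleteEmptyDirData: true
        # disableEviction: false
        # force: false
        # gracePeriod: -1
        # ignoreDaemonSets: true
        # ignoreErrors: false
        # skipWaitForDeleteTimeoutSeconds: 0
        # timeout: 120
      workerConcurrency: 10%
      workerDrainOptions:
        enabled: false
        # deleteEmptyDirData: true
        # disableEviction: false
        # force: false
        # gracePeriod: -1
        # ignoreDaemonSets: true
        # ignoreErrors: false
        # skipWaitForDeleteTimeoutSeconds: 0
        # timeout: 120

# node and nodepool(s) values
nodepools:
  - name: cp
    displayName: cp
    quantity: 1
    etcd: true
    controlplane: true
    worker: false
    # labels:
    #   key: value
    # taints:
    #   effect: value
    #   key: value
    #   value: value
    paused: false
    # drainBeforeDelete: true
    # drainBeforeDeleteTimeout: 30s
    # unhealthyNodeTimeout: 60s
    # machineDeploymentLabels:
    #   key: value
    # machineDeploymentAnnotations:
    #   key: value
    # rollingUpdate:
    #   maxUnavailable: 1
    #   maxSurge: 1
    # clusterId: # only needed if not using cloudCredentialSecretName
    # clusterType: # only needed if not using cloudCredentialSecretName
    # kubeconfigContent: # only needed if not using cloudCredentialSecretName
    cpuCount: 2 # required (example: 4)
    # diskBus: virtio
    # diskInfo: ''
    diskSize: 40 # (example: 64)
    imageName: default/image-9vmc2 # (example: default/image-abcdefg)
    # keyPairName: ''
    memorySize: 4 # required (example: 8)
    # networkInfo: ''
    # networkModel: virtio
    networkName: default/vmn-lan # required (example: default/default)
    # networkType: ''
    # sshPassword: ''
    # sshPort: 22
    # sshPrivateKeyPath: ''
    sshUser: rancher # required (example: rocky)
    # vmAffinity: ''
    # vmNamespace: default
    # networkData: |
    #   #cloud-config
    userData: |
      #cloud-config
      package_update: true
      packages:
        - qemu-guest-agent
      runcmd:
        - systemctl enable '--now' qemu-guest-agent.service
      write_files:
        - path: /etc/dhcpcd.conf
          permissions: '0644'
          append: true
          content: |
            # Only accept Harvester Managed DHCP lease offers
            whitelist 192.168.154.99
  - name: wp
    displayName: wp
    quantity: 1
    etcd: false
    controlplane: false
    worker: true
    # labels:
    #   key: value
    # taints:
    #   effect: value
    #   key: value
    #   value: value
    paused: false
    # drainBeforeDelete: true
    # drainBeforeDeleteTimeout: 30s
    # unhealthyNodeTimeout: 60s
    # machineDeploymentLabels:
    #   key: value
    # machineDeploymentAnnotations:
    #   key: value
    # rollingUpdate:
    #   maxUnavailable: 1
    #   maxSurge: 1
    # clusterId: # only needed if not using cloudCredentialSecretName
    # clusterType: # only needed if not using cloudCredentialSecretName
    # kubeconfigContent: # only needed if not using cloudCredentialSecretName
    cpuCount: 2 # required (example: 4)
    # diskBus: virtio
    # diskInfo: ''
    diskSize: 40 # required (example: 64)
    imageName: default/image-9vmc2 # (example: default/image-abcdefg)
    # keyPairName: ''
    memorySize: 4 # required (example: 8)
    # networkInfo: ''
    # networkModel: virtio
    networkName: default/vmn-lan # required (example: default/default)
    # networkType: ''
    # sshPassword: ''
    # sshPort: 22
    # sshPrivateKeyPath: ''
    sshUser: rancher # required (example: rocky)
    # vmAffinity: ''
    # vmNamespace: default
    # networkData: |
    #   #cloud-config
    userData: |
      #cloud-config
      package_update: true
      packages:
        - qemu-guest-agent
      runcmd:
        - systemctl enable '--now' qemu-guest-agent.service
      write_files:
        - path: /etc/dhcpcd.conf
          permissions: '0644'
          append: true
          content: |
            # Only accept Harvester Managed DHCP lease offers
            whitelist 192.168.154.99

# addons values
addons:
  # https://github.com/rancher/charts/tree/release-v2.9/charts/rancher-monitoring/104.1.2%2Bup57.0.3
  monitoring:
    enabled: false
    # version: 104.1.2+up57.0.3
    # values:
    #   values here
  # https://github.com/rancher/charts/tree/release-v2.9/charts/rancher-logging/104.1.2%2Bup4.8.0
  logging:
    enabled: false
    # version: 104.1.2+up4.8.0
    # values:
    #   values here
  # https://github.com/rancher/charts/tree/release-v2.9/charts/longhorn/104.2.1%2Bup1.7.2
  longhorn:
    enabled: false
    # version: 104.2.1+up1.7.2
    # values:
    #   values here
  # https://github.com/rancher/charts/tree/release-v2.9/charts/neuvector/104.0.2%2Bup2.8.0
  neuvector:
    enabled: false
    # version: 104.0.2+up2.8.0
    # values:
    #   values here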