230 lines
7.6 KiB
YAML
230 lines
7.6 KiB
YAML
# be sure to add all "required" values...
|
|
|
|
# amazonec2, azure, digitalocean, harvester, vsphere, custom
|
|
# https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/launch-kubernetes-with-rancher/use-new-nodes-in-an-infra-provider
|
|
cloudprovider: harvester # required
|
|
|
|
# cloud provider credentials (example: aws-creds)
|
|
cloudCredentialSecretName: cc-9ktwg # required
|
|
|
|
# rancher manager url
|
|
rancher:
|
|
cattle:
|
|
url: rancher.bessems.lan #(example: rancher.example.com)
|
|
|
|
# cluster values
|
|
cluster:
|
|
# labels:
|
|
# key: value
|
|
# annotations:
|
|
# key: value
|
|
name: test-rke2-001 # required (example: rke2-cluster-001)
|
|
config:
|
|
kubernetesVersion: v1.34.2+rke2r1 # https://github.com/rancher/rke2/releases
|
|
enableNetworkPolicy: true
|
|
localClusterAuthEndpoint:
|
|
enabled: false
|
|
# additionalManifests: |-
|
|
# apiVersion: v1
|
|
# kind: Pod
|
|
# metadata:
|
|
# name: example-manifest
|
|
# spec:
|
|
# containers:
|
|
# - name: example
|
|
# image: example:1.0.0
|
|
# ports:
|
|
# - containerPort: 80
|
|
# agentEnvVars:
|
|
# - name: A
|
|
# value: B
|
|
# defaultClusterRoleForProjectMembers: ''
|
|
# defaultPodSecurityAdmissionConfigurationTemplateName: ''
|
|
# defaultPodSecurityPolicyTemplateName: ''
|
|
# etcd:
|
|
# disableSnapshots: false
|
|
# snapshotRetention: 5
|
|
# snapshotScheduleCron: 0 */5 * * *
|
|
# s3:
|
|
# bucket: rancherbackups
|
|
# cloudCredentialSecretName: minio-creds
|
|
# folder: rancher
|
|
# region: dummyregion
|
|
# skipSSLVerify: false
|
|
# endpoint: # minio.example.com
|
|
# endpointCA: |-
|
|
# -----BEGIN CERTIFICATE-----
|
|
# -----END CERTIFICATE-----
|
|
globalConfig:
|
|
# systemDefaultRegistry: docker.io # default registry
|
|
systemDefaultRegistry: code.spamasaurus.com # default registry
|
|
cni: calico # canal, calico, cilium, multus,canal, multus,calico, multus,cilium
|
|
# cluster-cidr: 10.42.0.0/16 # https://docs.rke2.io/networking/basic_network_options
|
|
# service-cidr: 10.43.0.0/16 # https://docs.rke2.io/networking/basic_network_options
|
|
docker: false
|
|
# token: ''
|
|
# tls_san:
|
|
# - url
|
|
# - ip
|
|
disable:
|
|
- rke2-ingress-nginx
|
|
# - rke2-coredns
|
|
# - rke2-metrics-server
|
|
disable_scheduler: false
|
|
disable_cloud_controller: false
|
|
disable_kube_proxy: false
|
|
etcd_expose_metrics: false
|
|
profile: '' # cis, cis-1.23, or cis-1.6 # https://docs.rke2.io/security/hardening_guide
|
|
selinux: false # rke2-selinux and container-selinux be installed on the nodes # https://docs.rke2.io/security/selinux
|
|
secrets_encryption: false
|
|
write_kubeconfig_mode: 0600
|
|
use_service_account_credentials: false
|
|
protect_kernel_defaults: false
|
|
cloud_provider_name: '' # https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers
|
|
# cloud_provider_config: '' # cloud provider config secret here (example: secret://fleet-default:cloudprovider)
|
|
# kube_controller_manager_arg:
|
|
# - kube controller manager arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager)
|
|
# kube_scheduler_arg:
|
|
# - kube scheduler arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler)
|
|
# kube_apiserver_arg:
|
|
# - kube apiserver arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver)
|
|
# kube_proxy_arg:
|
|
# - kube proxy arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy)
|
|
# kubelet_arg:
|
|
# - kubelet arguments here (https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet)
|
|
# controlPlaneConfig:
|
|
# same options as globalConfig
|
|
# only will apply to the control plane nodes
|
|
# workerConfig:
|
|
# same options as globalConfig
|
|
# only will apply to the worker nodes
|
|
registries:
|
|
enabled: false
|
|
# configs:
|
|
# - name: registry.example.com
|
|
# authConfigSecretName: registry-creds
|
|
# caBundle: ''
|
|
# insecureSkipVerify: false
|
|
# tlsSecretName: ''
|
|
# mirrors:
|
|
# - name: "code.spamasaurus.com"
|
|
# endpoints:
|
|
# - "https://code.spamasaurus.com"
|
|
# rewrite:
|
|
# "^([^/]+.*)": "default/$1"
|
|
upgradeStrategy:
|
|
controlPlaneConcurrency: 10%
|
|
controlPlaneDrainOptions:
|
|
enabled: false
|
|
# deleteEmptyDirData: true
|
|
# disableEviction: false
|
|
# force: false
|
|
# gracePeriod: -1
|
|
# ignoreDaemonSets: true
|
|
# ignoreErrors: false
|
|
# skipWaitForDeleteTimeoutSeconds: 0
|
|
# timeout: 120
|
|
workerConcurrency: 10%
|
|
workerDrainOptions:
|
|
enabled: false
|
|
# deleteEmptyDirData: true
|
|
# disableEviction: false
|
|
# force: false
|
|
# gracePeriod: -1
|
|
# ignoreDaemonSets: true
|
|
# ignoreErrors: false
|
|
# skipWaitForDeleteTimeoutSeconds: 0
|
|
# timeout: 120
|
|
|
|
# node and nodepool(s) values
|
|
nodepools:
|
|
- name: np
|
|
# displayName: np
|
|
quantity: 1
|
|
etcd: true
|
|
controlplane: true
|
|
worker: true
|
|
# labels:
|
|
# key: value
|
|
# taints:
|
|
# effect: value
|
|
# key: value
|
|
# value: value
|
|
paused: false
|
|
# drainBeforeDelete: true
|
|
# drainBeforeDeleteTimeout: 30s
|
|
# unhealthyNodeTimeout: 60s
|
|
# machineDeploymentLabels:
|
|
# key: value
|
|
# machineDeploymentAnnotations:
|
|
# key: value
|
|
# rollingUpdate:
|
|
# maxUnavailable: 1
|
|
# maxSurge: 1
|
|
# clusterId: # only needed if not using cloudCredentialSecretName
|
|
# clusterType: # only needed if not using cloudCredentialSecretName
|
|
# kubeconfigContent: # only needed if not using cloudCredentialSecretName
|
|
cpuCount: 2 #required (example: 4)
|
|
# diskBus: virtio
|
|
# diskInfo: ''
|
|
diskSize: 40 #(example: 64)
|
|
imageName: default/image-9vmc2 #(example: default/image-abcdefg)
|
|
# keyPairName: ''
|
|
memorySize: 4 # required (example: 8)
|
|
# networkInfo: ''
|
|
# networkModel: virtio
|
|
networkName: default/vmn-lan # required (example: default/default)
|
|
# networkType: ''
|
|
# sshPassword: ''
|
|
# sshPort: 22
|
|
# sshPrivateKeyPath: ''
|
|
sshUser: rancher # required (example: rocky)
|
|
# vmAffinity: ''
|
|
# vmNamespace: default
|
|
# networkData: |
|
|
#cloud-config
|
|
userData: |
|
|
#cloud-config
|
|
package_update: true
|
|
packages:
|
|
- qemu-guest-agent
|
|
runcmd:
|
|
- systemctl enable '--now' qemu-guest-agent.service
|
|
write_files:
|
|
- path: /etc/dhcpcd.conf
|
|
permissions: '0644'
|
|
append: true
|
|
content: |
|
|
# Only accept Harvester Managed DHCP lease offers
|
|
whitelist 192.168.154.99
|
|
|
|
|
|
# addons values
|
|
addons:
|
|
# https://github.com/rancher/charts/tree/release-v2.9/charts/rancher-monitoring/104.1.2%2Bup57.0.3
|
|
monitoring:
|
|
enabled: false
|
|
# version: 104.1.2+up57.0.3
|
|
# values:
|
|
# values here
|
|
|
|
# https://github.com/rancher/charts/tree/release-v2.9/charts/rancher-logging/104.1.2%2Bup4.8.0
|
|
logging:
|
|
enabled: false
|
|
# version: 104.1.2+up4.8.0
|
|
# values:
|
|
# values here
|
|
|
|
# https://github.com/rancher/charts/tree/release-v2.9/charts/longhorn/104.2.1%2Bup1.7.2
|
|
longhorn:
|
|
enabled: false
|
|
# version: 104.2.1+up1.7.2
|
|
# values:
|
|
# values here
|
|
|
|
# https://github.com/rancher/charts/tree/release-v2.9/charts/neuvector/104.0.2%2Bup2.8.0
|
|
neuvector:
|
|
enabled: false
|
|
# version: 104.0.2+up2.8.0
|
|
# values:
|
|
# values here |