rke/cluster.yml

---
nodes:
  - address: 1.1.1.1
    user: ubuntu
    role:
    - controlplane
    - etcd
    ssh_key_path: /home/user/.ssh/id_rsa
    port: 2222
  - address: 2.2.2.2
    user: ubuntu
    role:
    - worker
    ssh_key: |-
      -----BEGIN RSA PRIVATE KEY-----

      -----END RSA PRIVATE KEY-----
  - address: example.com
    user: ubuntu
    role:
    - role
    hostname_override: node3
    internal_address: 192.168.1.6
    labels:
      app: ingress

services:
  etcd:
    # if external etcd is used
    # path: /etcdcluster
    # external_urls:
    #   - https://etcd-example.com:2379
    # ca_cert: |-
    #   -----BEGIN CERTIFICATE-----
    #   xxxxxxxxxx
    #   -----END CERTIFICATE-----
    # cert: |-
    #   -----BEGIN CERTIFICATE-----
    #   xxxxxxxxxx
    #   -----END CERTIFICATE-----
    # key: |-
    #   -----BEGIN PRIVATE KEY-----
    #   xxxxxxxxxx
    #   -----END PRIVATE KEY-----
  kube-api:
    service_cluster_ip_range: 10.42.0.0/16
    pod_security_policy: false
    # add additional arguments to the kubernetes component
    # Note that this WILL OVERRIDE existing defaults
    extra_args:
      v: 4
  kube-controller:
    cluster_cidr: 10.42.0.0/16
    service_cluster_ip_range: 10.43.0.0/16
  scheduler:
  kubelet:
    cluster_domain: cluster.local
    cluster_dns_server: 10.43.0.10
    infra_container_image: gcr.io/google_containers/pause-amd64:3.0
    # Optionally define additional volume binds to a service
    extra_binds:
      - "/host/dev:/dev"
      - "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"
  kubeproxy:

# supported plugins are:
# flannel
# calico
# canal
# weave
#
# If you are using calico on AWS or GCE, use the network plugin config option:
# 'calico_cloud_provider: aws'
# or
# 'calico_cloud_provider: gce'
# network:
#   plugin: calico
#   options:
#     calico_cloud_provider: aws
#
# To specify flannel interface, you can use the 'flannel_iface' option:
# network:
#   plugin: flannel
#   options:
#     flannel_iface: eth1

network:
  plugin: flannel
  options:

# At the moment, the only authentication strategy supported is x509.
# You can optionally create additional SANs (hostnames or IPs) to add to
#  the API server PKI certificate. This is useful if you want to use a load balancer
#  for the control plane servers, for example.
authentication:
  strategy: x509
  sans:
  - "10.18.160.10"
  - "my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com"

# all addon manifests MUST specify a namespace
addons: |-
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-nginx
      namespace: default
    spec:
      containers:
      - name: my-nginx
        image: nginx
        ports:
        - containerPort: 80

addons_include:
    - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml
    - https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml
    - /path/to/manifest

system_images:
  etcd: rancher/etcd:v3.0.17
  kubernetes: rancher/k8s:v1.8.9-rancher1-1
  alpine: rancher/rke-tools:v0.1.2
  nginx_proxy: rancher/rke-tools:v0.1.2
  cert_downloader: rancher/rke-tools:v0.1.2
  kubernetes_services_sidecar: rancher/rke-tools:v0.1.2
  kubedns: rancher/k8s-dns-kube-dns-amd64:1.14.5
  dnsmasq: rancher/k8s-dns-dnsmasq-nanny-amd64:1.14.5
  kubedns_sidecar: rancher/k8s-dns-sidecar-amd64:1.14.5
  kubedns_autoscaler: rancher/cluster-proportional-autoscaler-amd64:1.0.0
  flannel: rancher/coreos-flannel:v0.9.1
  flannel_cni: rancher/coreos-flannel-cni:v0.2.0


ssh_key_path: ~/.ssh/test

# Kubernetes authorization mode
# Use `mode: rbac` to enable RBAC
# Use `mode: none` to disable authorization
authorization:
  mode: rbac

# If set to true, rke won't fail when unsupported Docker version is found
ignore_docker_version: false

kubernetes_version: v1.8.9-rancher1-1

# If set, this is the cluster name that will be used in the kube config file
# Default value is "local"
cluster_name: mycluster

# List of registry credentials, if you are using a Docker Hub registry,
# you can omit the `url` or set it to `docker.io`
private_registries:
  - url: registry.com
    user: Username
    password: password

# Currently only nginx ingress provider is supported.
# To disable ingress controller, set `provider: none`
# To enable ingress on specific nodes, use the node_selector, eg:
# nodes:
#   - address: example.com
#     user: ubuntu
#     role:
#     - role
#     hostname_override: node3
#     internal_address: 192.168.1.6
#     labels:
#       app: ingress
#
# ingress:
#   provider: nginx
#   node_selector:
#     app: ingress
#   extra_args:
#     enable-ssl-passthrough: ""

ingress:
  provider: nginx

cloud_provider:
  name: aws
Set up kubernetes components 2017-10-29 09:45:21 +00:00			`---`
Structure and config changes 2017-11-28 17:45:24 +00:00			`nodes:`
			`- address: 1.1.1.1`
Set up kubernetes components 2017-10-29 09:45:21 +00:00			`user: ubuntu`
Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`role:`
			`- controlplane`
			`- etcd`
Add ssh key and path per host 2017-12-02 17:07:47 +00:00			`ssh_key_path: /home/user/.ssh/id_rsa`
SSH port is configurable 2018-01-19 18:42:42 +00:00			`port: 2222`
Structure and config changes 2017-11-28 17:45:24 +00:00			`- address: 2.2.2.2`
Set up kubernetes components 2017-10-29 09:45:21 +00:00			`user: ubuntu`
Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`role:`
			`- worker`
Add ssh key and path per host 2017-12-02 17:07:47 +00:00			`ssh_key: \|-`
			`-----BEGIN RSA PRIVATE KEY-----`

			`-----END RSA PRIVATE KEY-----`
Structure and config changes 2017-11-28 17:45:24 +00:00			`- address: example.com`
			`user: ubuntu`
Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`role:`
			`- role`
Structure and config changes 2017-11-28 17:45:24 +00:00			`hostname_override: node3`
			`internal_address: 192.168.1.6`
Fix/improve documentation for ingress controller Fixes #341 2018-02-11 00:21:26 +00:00			`labels:`
			`app: ingress`
Set up kubernetes components 2017-10-29 09:45:21 +00:00
			`services:`
			`etcd:`
External etcd 2018-02-14 20:58:35 +00:00			`# if external etcd is used`
			`# path: /etcdcluster`
			`# external_urls:`
			`# - https://etcd-example.com:2379`
			`# ca_cert: \|-`
			`# -----BEGIN CERTIFICATE-----`
			`# xxxxxxxxxx`
			`# -----END CERTIFICATE-----`
			`# cert: \|-`
			`# -----BEGIN CERTIFICATE-----`
			`# xxxxxxxxxx`
			`# -----END CERTIFICATE-----`
			`# key: \|-`
			`# -----BEGIN PRIVATE KEY-----`
			`# xxxxxxxxxx`
			`# -----END PRIVATE KEY-----`
Set up kubernetes components 2017-10-29 09:45:21 +00:00			`kube-api:`
Change cluster cidr defaults 2018-03-29 19:51:35 +00:00			`service_cluster_ip_range: 10.42.0.0/16`
Enable PodSecurityPolicy support 2017-12-20 01:51:07 +00:00			`pod_security_policy: false`
Update docs to reflect new extra_args 2018-03-24 00:08:45 +00:00			`# add additional arguments to the kubernetes component`
			`# Note that this WILL OVERRIDE existing defaults`
WIP add extra args to running services 2017-11-10 19:53:48 +00:00			`extra_args:`
Minor cluster.yaml updates 2017-11-22 00:58:21 +00:00			`v: 4`
Set up kubernetes components 2017-10-29 09:45:21 +00:00			`kube-controller:`
Change cluster cidr defaults 2018-03-29 19:51:35 +00:00			`cluster_cidr: 10.42.0.0/16`
			`service_cluster_ip_range: 10.43.0.0/16`
Set up kubernetes components 2017-10-29 09:45:21 +00:00			`scheduler:`
			`kubelet:`
some small fixes add debugging to hosts.go add kubelet and kubeproxy defaults to cluster file add more service configuration remove hosts sudo 2017-10-30 06:31:06 +00:00			`cluster_domain: cluster.local`
Change cluster cidr defaults 2018-03-29 19:51:35 +00:00			`cluster_dns_server: 10.43.0.10`
some small fixes add debugging to hosts.go add kubelet and kubeproxy defaults to cluster file add more service configuration remove hosts sudo 2017-10-30 06:31:06 +00:00			`infra_container_image: gcr.io/google_containers/pause-amd64:3.0`
Add support for additional service binds Support Additional volume binds Add basic documentation for extra args and binds 2018-03-16 03:20:42 +00:00			`# Optionally define additional volume binds to a service`
			`extra_binds:`
			`- "/host/dev:/dev"`
			`- "/usr/libexec/kubernetes/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins"`
Set up kubernetes components 2017-10-29 09:45:21 +00:00			`kubeproxy:`
Use cluster level k8s version 2018-01-30 23:45:44 +00:00
Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`# supported plugins are:`
			`# flannel`
			`# calico`
			`# canal`
			`# weave`
			`#`
			`# If you are using calico on AWS or GCE, use the network plugin config option:`
			`# 'calico_cloud_provider: aws'`
			`# or`
			`# 'calico_cloud_provider: gce'`
Update cluster.yml 2018-02-26 19:48:22 +00:00			`# network:`
			`# plugin: calico`
			`# options:`
			`# calico_cloud_provider: aws`
			`#`
			`# To specify flannel interface, you can use the 'flannel_iface' option:`
			`# network:`
			`# plugin: flannel`
			`# options:`
			`# flannel_iface: eth1`

Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`network:`
			`plugin: flannel`
			`options:`
Nit fixes for ingress 2018-02-27 23:58:43 +00:00
Support additional altnames for PKI certs 2018-03-22 18:36:25 +00:00			`# At the moment, the only authentication strategy supported is x509.`
			`# You can optionally create additional SANs (hostnames or IPs) to add to`
			`# the API server PKI certificate. This is useful if you want to use a load balancer`
			`# for the control plane servers, for example.`
Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`authentication:`
			`strategy: x509`
Support additional altnames for PKI certs 2018-03-22 18:36:25 +00:00			`sans:`
			`- "10.18.160.10"`
			`- "my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com"`
Add user-configurable images Refactor configuration defaults Add comments to config Add configurable utility images Add configurable network plugin images Add configurable kubedns images 2017-12-05 01:29:29 +00:00
Minor cluster.yaml updates 2017-11-22 00:58:21 +00:00			`# all addon manifests MUST specify a namespace`
addons based on k8s jobs and configmaps 2017-11-18 12:51:28 +00:00			`addons: \|-`
			`---`
			`apiVersion: v1`
			`kind: Pod`
			`metadata:`
			`name: my-nginx`
			`namespace: default`
			`spec:`
			`containers:`
			`- name: my-nginx`
			`image: nginx`
			`ports:`
			`- containerPort: 80`
Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00
Adding support for urls and file paths 2018-03-23 21:50:08 +00:00			`addons_include:`
			`- https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-operator.yaml`
			`- https://raw.githubusercontent.com/rook/rook/master/cluster/examples/kubernetes/rook-cluster.yaml`
			`- /path/to/manifest`

Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`system_images:`
			`etcd: rancher/etcd:v3.0.17`
bump k8s version 2018-03-13 17:57:48 +00:00			`kubernetes: rancher/k8s:v1.8.9-rancher1-1`
Update readme and cluster.yml with rke-tools 2018-04-20 21:33:19 +00:00			`alpine: rancher/rke-tools:v0.1.2`
			`nginx_proxy: rancher/rke-tools:v0.1.2`
			`cert_downloader: rancher/rke-tools:v0.1.2`
			`kubernetes_services_sidecar: rancher/rke-tools:v0.1.2`
Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`kubedns: rancher/k8s-dns-kube-dns-amd64:1.14.5`
			`dnsmasq: rancher/k8s-dns-dnsmasq-nanny-amd64:1.14.5`
			`kubedns_sidecar: rancher/k8s-dns-sidecar-amd64:1.14.5`
			`kubedns_autoscaler: rancher/cluster-proportional-autoscaler-amd64:1.0.0`
Update cluster.yml 2018-02-26 19:48:22 +00:00			`flannel: rancher/coreos-flannel:v0.9.1`
			`flannel_cni: rancher/coreos-flannel-cni:v0.2.0`

Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00
			`ssh_key_path: ~/.ssh/test`

			`# Kubernetes authorization mode`
			# Use `mode: rbac` to enable RBAC
			# Use `mode: none` to disable authorization
			`authorization:`
			`mode: rbac`

			`# If set to true, rke won't fail when unsupported Docker version is found`
			`ignore_docker_version: false`

bump k8s version 2018-03-13 17:57:48 +00:00			`kubernetes_version: v1.8.9-rancher1-1`
Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00
Add ClusterName support for kube config 2018-03-14 00:18:07 +00:00			`# If set, this is the cluster name that will be used in the kube config file`
			`# Default value is "local"`
			`cluster_name: mycluster`

Updated cluster.yml with current values and according to `rke config` 2018-01-25 11:49:13 +00:00			`# List of registry credentials, if you are using a Docker Hub registry,`
			# you can omit the `url` or set it to `docker.io`
			`private_registries:`
			`- url: registry.com`
			`user: Username`
			`password: password`
Nit fixes for ingress 2018-02-27 23:58:43 +00:00
			`# Currently only nginx ingress provider is supported.`
			# To disable ingress controller, set `provider: none`
			`# To enable ingress on specific nodes, use the node_selector, eg:`
			`# nodes:`
			`# - address: example.com`
			`# user: ubuntu`
			`# role:`
			`# - role`
			`# hostname_override: node3`
			`# internal_address: 192.168.1.6`
			`# labels:`
			`# app: ingress`
			`#`
			`# ingress:`
			`# provider: nginx`
			`# node_selector:`
			`# app: ingress`
Added extra_args type map[string]string to ingress-controller. Added rancher-minimal-ssl.yml and rancher-minimal-passthrough.yml to deploy rancher v2.0 using rke. Updated README.md 2018-04-13 16:06:09 +00:00			`# extra_args:`
			`# enable-ssl-passthrough: ""`
Nit fixes for ingress 2018-02-27 23:58:43 +00:00
			`ingress:`
			`provider: nginx`
Add support for AWS cloud provider 2018-03-23 18:14:11 +00:00
			`cloud_provider:`
			`name: aws`