
配置
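---
# KubeKey cluster definition: k8s-mast1..3 carry both the etcd and master
# roles, k8s-node1 is the only worker.
# NOTE(review): the nesting below was restored after the page lost all
# indentation and had typographic quotes in place of ASCII quotes; check it
# against the KubeKey schema for your release before running it.
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
  name: sample
spec:
  # SECURITY: every host is reached as root with the same one-character
  # password, stored in clear text in this file. Treat that as a lab-only
  # setting. Prefer a dedicated sudo-capable account authenticated with an SSH
  # key (a host entry accepts privateKeyPath in place of password), and keep
  # this file out of version control and world-readable paths.
  # The password is quoted so it is read as the string "1", not the integer 1.
  hosts:
    - {name: k8s-mast1, address: 192.168.0.127, internalAddress: 192.168.0.127, user: root, password: "1"}
    - {name: k8s-mast2, address: 192.168.0.79, internalAddress: 192.168.0.79, user: root, password: "1"}
    - {name: k8s-mast3, address: 192.168.0.129, internalAddress: 192.168.0.129, user: root, password: "1"}
    - {name: k8s-node1, address: 192.168.0.245, internalAddress: 192.168.0.245, user: root, password: "1"}
  roleGroups:
    etcd:
      - k8s-mast1
      - k8s-mast2
      - k8s-mast3
    master:
      - k8s-mast1
      - k8s-mast2
      - k8s-mast3
    worker:
      - k8s-node1
  # Address and port clients use to reach the API server.
  controlPlaneEndpoint:
    domain: lb.kubesphere.local
    address: "192.168.0.200"
    port: 8443
  kubernetes:
    version: v1.19.8
    imageRepo: kubesphere
    clusterName: cluster.local
  network:
    plugin: calico
    kubePodsCIDR: 10.233.64.0/18
    kubeServiceCIDR: 10.96.0.0/16
  registry:
    # Image pulls go through this third-party mirror, which puts it in the
    # image supply path for every node.
    registryMirrors: ["https://q0735tfg.mirror.aliyuncs.com"]
    # Left empty: no registry is marked as exempt from TLS.
    insecureRegistries: []
  # Installs the NFS client provisioner add-on from a Helm chart.
  addons:
    - name: nfs-client
      namespace: kube-system
      sources:
        chart:
          name: nfs-client-provisioner
          repo: https://charts.kubesphere.io/main
          # Path to the NFS chart values file.
          # NOTE(review): KubeKey's chart source presumably expects a file path
          # under valuesFile and a list of key=value overrides under values;
          # confirm which key your KubeKey release reads.
          values: /opt/tools/nfs-client.yaml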
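---
# KubeSphere ks-installer configuration (labelled v3.1.0).
# NOTE(review): the nesting below was restored after the page lost all
# indentation and had typographic quotes in place of ASCII quotes; check it
# against the ks-installer schema for this version before applying.
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    version: v3.1.0
spec:
  persistence:
    # If there is no default StorageClass in your cluster, specify an existing
    # StorageClass here.
    storageClass: ""
  authentication:
    # Keep the jwtSecret consistent with the host cluster. Retrieve it by
    # executing the following on the host cluster:
    #   kubectl -n kubesphere-system get cm kubesphere-config -o yaml | grep -v "apiVersion" | grep jwtSecret
    # SECURITY: the value is signing material; if one is set, inject it at
    # deploy time instead of committing it to this file.
    jwtSecret: ""
  local_registry: ""  # Add your private registry address if it is needed.
  etcd:
    # Whether to install the etcd monitoring dashboard. You have to create a
    # secret for etcd before you enable it.
    monitoring: true
    # etcd cluster endpoint IPs; several IPs can be listed here.
    endpointIps: 192.168.0.127,192.168.0.79,192.168.0.129
    port: 2379  # etcd port
    tlsEnable: true
  common:
    redis:
      enabled: true
    openldap:
      enabled: true
    minioVolumeSize: 100Gi  # Minio PVC size.
    openldapVolumeSize: 50Gi  # openldap PVC size.
    redisVolumSize: 50Gi  # Redis PVC size.
    monitoring:
      # Prometheus endpoint to get metrics data.
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
    es:  # Storage backend for logging, events and auditing.
      # Total number of master nodes; an even number is not allowed.
      elasticsearchMasterReplicas: 3
      elasticsearchDataReplicas: 3  # Total number of data nodes.
      elasticsearchMasterVolumeSize: 100Gi  # Volume size of Elasticsearch master nodes.
      elasticsearchDataVolumeSize: 100Gi  # Volume size of Elasticsearch data nodes.
      # Log retention time in built-in Elasticsearch; it is 7 days by default.
      logMaxAge: 7
      # The string making up index names. The index name will be formatted as
      # ks-<elk_prefix>-log.
      elkPrefix: logstash
      # NOTE(review): presumably these credentials are used when an external
      # Elasticsearch is configured below; supply them at deploy time rather
      # than committing them here. Confirm against the installer docs.
      basicAuth:
        enabled: false
        username: ""
        password: ""
      externalElasticsearchUrl: ""
      externalElasticsearchPort: ""
  console:
    # Enable or disable multiple sign-on; when enabled, one account can be used
    # by different users at the same time.
    enableMultiLogin: false
    # NOTE(review): presumably a NodePort reachable on every node address;
    # restrict it at the network edge and terminate TLS in front of it.
    # Confirm how the console is exposed in your environment.
    port: 30880
  # (CPU: 0.1 Core, Memory: 100 MiB) Whether to install the KubeSphere alerting
  # system. It lets users customize alerting policies to send messages to
  # receivers in time, with different time intervals and alerting levels to
  # choose from.
  alerting:
    enabled: true
    thanosruler:
      replicas: 1
      resources: {}
  # Whether to install the KubeSphere audit log system. It provides a
  # security-relevant chronological set of records of the activities that
  # happened on the platform, initiated by different tenants.
  # NOTE(review): audit records use the Elasticsearch backend configured under
  # common.es; logMaxAge there presumably bounds how far back an investigation
  # can look. Confirm, and size retention to your response needs.
  auditing:
    enabled: true
  # (CPU: 0.47 Core, Memory: 8.6 G) Whether to install the KubeSphere DevOps
  # system. It provides an out-of-the-box CI/CD system based on Jenkins, and
  # automated workflow tools including Source-to-Image & Binary-to-Image.
  devops:
    enabled: true
    jenkinsMemoryLim: 5Gi  # Jenkins memory limit.
    jenkinsMemoryReq: 1500Mi  # Jenkins memory request.
    jenkinsVolumeSize: 100Gi  # Jenkins volume size.
    jenkinsJavaOpts_Xms: 5g  # The following three fields are JVM parameters.
    jenkinsJavaOpts_Xmx: 5g
    jenkinsJavaOpts_MaxRAM: 5g
  # Whether to install the KubeSphere events system. It provides a graphical
  # web console for Kubernetes Events exporting, filtering and alerting in
  # multi-tenant Kubernetes clusters.
  events:
    enabled: true
    ruler:
      enabled: true
      replicas: 2
  # (CPU: 57 m, Memory: 2.76 G) Whether to install the KubeSphere logging
  # system. Flexible logging functions are provided for log query, collection
  # and management in a unified console. Additional log collectors can be
  # added, such as Elasticsearch, Kafka and Fluentd.
  logging:
    enabled: true
    logsidecar:
      enabled: true
      replicas: 2
  # (CPU: 56 m, Memory: 44.35 MiB) Whether to install metrics-server. It
  # enables HPA (Horizontal Pod Autoscaler).
  metrics_server:
    enabled: true
  monitoring:
    # If you need an independent StorageClass for Prometheus, specify it here;
    # the default StorageClass is used otherwise.
    storageClass: ""
    # Prometheus replicas are responsible for monitoring different segments of
    # the data source and provide high availability as well.
    prometheusReplicas: 1
    prometheusMemoryRequest: 400Mi  # Prometheus request memory.
    prometheusVolumeSize: 100Gi  # Prometheus PVC size.
    alertmanagerReplicas: 1  # AlertManager replicas.
  multicluster:
    # host | member | none. You can install a solo cluster, or specify it as
    # the role of host or member cluster.
    clusterRole: none
  network:
    # Network policies allow network isolation within the same cluster, which
    # means firewalls can be set up between certain instances (Pods).
    # Make sure that the CNI network plugin used by the cluster supports
    # NetworkPolicy. There are a number of CNI network plugins that support
    # NetworkPolicy, including Calico, Cilium, Kube-router, Romana and Weave Net.
    # SECURITY: left disabled here, so this isolation feature is off; the
    # Cluster spec on this page selects calico, which is in the list above.
    networkpolicy:
      enabled: false
    # If the calico CNI is integrated, use the value "calico"; "none" means
    # that the ippool function is disabled.
    ippool:
      type: none
    # "weave-scope" means to use weave-scope to provide network topology
    # information; "none" means that the topology function is disabled.
    topology:
      type: none
  openpitrix:
    store:
      enabled: true
  # (0.3 Core, 300 MiB) Whether to install KubeSphere Service Mesh
  # (Istio-based). It provides fine-grained traffic management, observability
  # and tracing, and offers visualization for traffic topology.
  servicemesh:
    enabled: true  # base component (pilot)
  # NOTE(review): kubeedge is enabled while cloudHub.advertiseAddress below is
  # still empty; per the caution on that field CloudCore will exit abnormally,
  # so fill in an address edge nodes can reach before applying.
  kubeedge:
    enabled: true
    cloudCore:
      nodeSelector: {"node-role.kubernetes.io/worker": ""}
      tolerations: []
      cloudhubPort: "10000"
      cloudhubQuicPort: "10001"
      cloudhubHttpsPort: "10002"
      cloudstreamPort: "10003"
      tunnelPort: "10004"
      cloudHub:
        # At least a public IP address, or an IP which can be accessed by edge
        # nodes, must be provided.
        advertiseAddress:
          # Caution: leaving this entry empty will cause CloudCore to exit
          # abnormally once KubeEdge is enabled.
          - ""
        nodeLimit: "100"
      # NOTE(review): presumably the NodePorts edge nodes connect to; allow
      # them only from the expected edge networks. Confirm against the
      # KubeEdge documentation.
      service:
        cloudhubNodePort: "30000"
        cloudhubQuicNodePort: "30001"
        cloudhubHttpsNodePort: "30002"
        cloudstreamNodePort: "30003"
        tunnelNodePort: "30004"
    edgeWatcher:
      nodeSelector: {"node-role.kubernetes.io/worker": ""}
      tolerations: []
      edgeWatcherAgent:
        nodeSelector: {"node-role.kubernetes.io/worker": ""}
        tolerations: []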