-
Notifications
You must be signed in to change notification settings - Fork 46
/
cluster.yml
75 lines (68 loc) · 1.69 KB
/
cluster.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
nodes:
- address: 192.168.56.101
port: 22
role: ['controlplane', 'etcd', 'worker']
hostname_override: "master1"
user: vagrant
- address: 192.168.56.102
port: 22
role: ['controlplane', 'etcd', 'worker']
hostname_override: "master2"
user: vagrant
- address: 192.168.56.103
port: 22
role: ['controlplane', 'etcd', 'worker']
hostname_override: "master3"
user: vagrant
services:
kube-api:
audit_log:
enabled: true
configuration:
max_age: 6
max_backup: 6
max_size: 110
path: /var/log/kube-audit/audit-log.json
format: json
policy:
apiVersion: audit.k8s.io/v1 # This is required.
kind: Policy
omitStages:
- "RequestReceived"
rules:
- level: RequestResponse
resources:
- group: ""
resources: ["pods"]
service_cluster_ip_range: 10.43.0.0/16
service_node_port_range: 30000-32767
kube-controller:
cluster_cidr: 10.42.0.0/16
kubelet:
cluster_domain: cluster.local
extra_args:
max-pods: 250
feature-gates: RotateKubeletServerCertificate=true
network:
plugin: calico
authentication:
strategy: x509
sans:
- "192.168.56.100"
- "192.168.56.101"
- "192.168.56.102"
- "192.168.56.103"
- "master.kube.mecan.ir"
- "master1.kube.mecan.ir"
- "master2.kube.mecan.ir"
- "master3.kube.mecan.ir"
authorization:
mode: rbac
ignore_docker_version: true
kubernetes_version: "v1.25.5-rancher1-1"
cluster_name: "MeCan"
private_registries:
- url: repo.rke.mecan.ir
user: MeCan
password: yYdU3w6DbbN9QsximSPBkRAN6Syrs7
is_default: true