Cluster configuration samples

This document provides YAML samples for the most common Google Distributed Cloud cluster configurations. The sample cluster configuration files cover permutations of the following features and capabilities:

How to use the samples

This collection of YAML samples is intended mainly as an educational reference that shows what the various features look like when they are configured correctly. If you want to use these samples to create your own clusters, you need to make changes. Many of the values used, such as those in the storage section, are defaults that suit most clusters. Other values, however, such as spec.authentication.oidc.clientID and spec.gkeConnect.projectID, are specific to your project and environment.

Before you try to use any of the YAML in this document, familiarize yourself with the documentation for the relevant features.

Features in each sample

The following table lists the basic configuration information for each sample:

Standalone clusters
Basic edge profile
  • Single node
  • Edge profile
  • No node pools
High availability edge profile
  • High availability with three nodes
  • Edge profile
  • Bundled Layer 2 load balancing
  • No node pools
Hybrid clusters
Basic hybrid cluster
  • Non-high availability
  • Bundled Layer 2 load balancing
High availability hybrid cluster
  • High availability
  • OIDC
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing
High availability hybrid cluster with load balancing outside the control plane
  • High availability
  • OIDC
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing outside the control plane
Admin clusters
Basic admin cluster
  • Non-high availability
  • Bundled Layer 2 load balancing
Admin cluster with manual load balancing
  • Non-high availability
  • Manually configured external load balancing
High availability admin cluster
  • High availability
  • OIDC
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing
User clusters
Basic user cluster
  • Non-high availability
  • Bundled Layer 2 load balancing
High availability user cluster with multiple node pools
  • SSH key replacement
  • High availability
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing
  • Multiple node pools
High availability user cluster with OIDC
  • High availability
  • OIDC
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing
High availability user cluster with LDAP and BGP load balancing
  • High availability
  • LDAP
  • Bundled load balancing with BGP

Standalone clusters

Note the following features of a standalone cluster:

  • It manages itself
  • It can run workloads
  • It can't create or manage other (user) clusters

Standalone clusters are suited to installations that need a smaller footprint, or to cases where you want to run a cluster in a network-isolated partition.

For more information about standalone clusters, see Standalone cluster deployment and Create standalone clusters.

Basic edge profile

Note the following features and options in this standalone cluster configuration:

  • Single node
  • Edge profile
  • No node pools

gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-edge-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: edge-basic
  namespace: cluster-edge-basic
spec:
  type: standalone
  profile: edge
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.2
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.71
      ingressVIP: 10.200.0.72
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.72-10.200.0.90
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  nodeConfig:
    podDensity:
      maxPodsPerNode: 110

High availability edge profile

Note the following features and options in this standalone cluster configuration:

  • High availability with three nodes
  • Edge profile
  • Bundled Layer 2 load balancing
  • No node pools

gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-edge-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: edge-ha
  namespace: cluster-edge-ha
spec:
  type: standalone
  profile: edge
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.2
      - address: 10.200.0.3
      - address: 10.200.0.4
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.71
      ingressVIP: 10.200.0.72
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.72-10.200.0.90
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  nodeConfig:
    podDensity:
      maxPodsPerNode: 110

Hybrid clusters

Note the following features of a hybrid cluster:

  • It manages itself
  • It can run workloads
  • It can manage other user clusters

A hybrid cluster works like an admin cluster that can also run user workloads. Just like an admin cluster, a hybrid cluster can manage other user clusters. For more information about hybrid clusters, see Hybrid cluster deployment and Create hybrid clusters.

Basic hybrid cluster

Note the following features and options in this hybrid cluster configuration:

  • Non-high availability
  • Bundled Layer 2 load balancing

gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-hybrid-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: hybrid-basic
  namespace: cluster-hybrid-basic
spec:
  type: hybrid
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.2
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.71
      ingressVIP: 10.200.0.72
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.72-10.200.0.90
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
  name: np1
  namespace: cluster-hybrid-basic
spec:
  clusterName: hybrid-basic
  nodes:
  - address: 10.200.0.10
  - address: 10.200.0.11
  - address: 10.200.0.12

High availability hybrid cluster

Note the following features and options in this hybrid cluster configuration:

  • High availability
  • OIDC
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing

registryMirrors:
  - endpoint: https://10.194.2.13:5007/v2/test-namespace
    caCertPath: /root/cert.pem
    pullCredentialConfigPath: /root/dockerconfig.json

sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-hybrid-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: hybrid-ha
  namespace: cluster-hybrid-ha
spec:
  type: hybrid
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.2
      - address: 10.200.0.3
      - address: 10.200.0.4
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  proxy:
    url: http://10.194.2.140:3128
    noProxy:
    - 127.0.0.1
    - localhost
  osEnvironmentConfig:
    addPackageRepo: false
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.71
      ingressVIP: 10.200.0.72
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.72-10.200.0.90
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  authentication:
    oidc:
      issuerURL: "https://infra.example.dev/adfs"
      clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
      clientSecret: "clientSecret"
      kubectlRedirectURL: "http://localhost:44320/callback"
      username: "unique_name"
      usernamePrefix: "oidc:"
      group: "groups"
      groupPrefix: "oidc:"
      scopes: "allatclaims"
      extraParams: "resource=token-groups-claim"
      deployCloudConsoleProxy: true
      certificateAuthorityData: base64EncodedCACertificate
      proxy: http://10.194.2.140:3128
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
  name: np1
  namespace: cluster-hybrid-ha
spec:
  clusterName: hybrid-ha
  nodes:
  - address: 10.200.0.10
  - address: 10.200.0.11
  - address: 10.200.0.12

High availability hybrid cluster with load balancing outside the control plane

Note the following features and options in this hybrid cluster configuration:

  • High availability
  • OIDC
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing outside the control plane

registryMirrors:
  - endpoint: https://10.194.2.13:5007/v2/test-namespace
    caCertPath: /root/cert.pem
    pullCredentialConfigPath: /root/dockerconfig.json

sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-hybrid-ha-lb
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: hybrid-ha-lb
  namespace: cluster-hybrid-ha-lb
spec:
  type: hybrid
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.2
      - address: 10.200.0.3
      - address: 10.200.0.4
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  proxy:
    url: http://10.194.2.140:3128
    noProxy:
    - 127.0.0.1
    - localhost
  osEnvironmentConfig:
    addPackageRepo: false
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.71
      ingressVIP: 10.200.0.72
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.72-10.200.0.90
    nodePoolSpec:
      nodes:
      - address: 10.200.0.5
      - address: 10.200.0.6
      - address: 10.200.0.7
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  authentication:
    oidc:
      issuerURL: "https://infra.example.dev/adfs"
      clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
      clientSecret: "clientSecret"
      kubectlRedirectURL: "http://localhost:44320/callback"
      username: "unique_name"
      usernamePrefix: "oidc:"
      group: "groups"
      groupPrefix: "oidc:"
      scopes: "allatclaims"
      extraParams: "resource=token-groups-claim"
      deployCloudConsoleProxy: true
      certificateAuthorityData: base64EncodedCACertificate
      proxy: http://10.194.2.140:3128
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
  name: np1
  namespace: cluster-hybrid-ha-lb
spec:
  clusterName: hybrid-ha-lb
  nodes:
  - address: 10.200.0.10
  - address: 10.200.0.11
  - address: 10.200.0.12

Admin clusters

Admin clusters manage other user clusters. Use an admin cluster if you want to manage a fleet of clusters in the same data center from a central location, and for large deployments that require isolation between different teams or between development and production workloads.

For more information about admin clusters, see Multi-cluster deployment and Create admin clusters.

Basic admin cluster

Note the following features and options in this admin cluster configuration:

  • Non-high availability
  • Bundled Layer 2 load balancing

gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-admin-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: admin-basic
  namespace: cluster-admin-basic
spec:
  type: admin
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.2
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.71
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250

Admin cluster with manual load balancing

Note the following features and options in this admin cluster configuration:

  • Non-high availability
  • Manually configured external load balancing

gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-admin-manlb
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: admin-manlb
  namespace: cluster-admin-manlb
spec:
  type: admin
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.2
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  loadBalancer:
    mode: manual
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.71
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250

High availability admin cluster

Note the following features and options in this admin cluster configuration:

  • High availability
  • OIDC
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing

registryMirrors:
  - endpoint: https://10.194.2.13:5007/v2/test-namespace
    caCertPath: /root/cert.pem
    pullCredentialConfigPath: /root/dockerconfig.json

sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-admin-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: admin-ha
  namespace: cluster-admin-ha
spec:
  type: admin
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.2
      - address: 10.200.0.3
      - address: 10.200.0.4
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  proxy:
    url: http://10.194.2.140:3128
    noProxy:
    - 127.0.0.1
    - localhost
  osEnvironmentConfig:
    addPackageRepo: false
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.71
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  authentication:
    oidc:
      issuerURL: "https://infra.example.dev/adfs"
      clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
      clientSecret: "clientSecret"
      kubectlRedirectURL: "http://localhost:44320/callback"
      username: "unique_name"
      usernamePrefix: "oidc:"
      group: "groups"
      groupPrefix: "oidc:"
      scopes: "allatclaims"
      extraParams: "resource=token-groups-claim"
      deployCloudConsoleProxy: true
      certificateAuthorityData: base64EncodedCACertificate
      proxy: http://10.194.2.140:3128
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250

User clusters

User clusters run your containerized workloads. A user cluster must contain one or more worker nodes that run user workloads. Use user clusters if you have a fleet of clusters in the same data center and you want to manage them centrally. User clusters are also recommended for large deployments that require isolation between different teams or between development and production workloads.

For more information about user clusters, see Multi-cluster deployment and Create user clusters.

Basic user cluster

Note the following features and options in this user cluster configuration:

  • Non-high availability
  • Bundled Layer 2 load balancing

apiVersion: v1
kind: Namespace
metadata:
  name: cluster-user-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: user-basic
  namespace: cluster-user-basic
spec:
  type: user
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.20
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.91
      ingressVIP: 10.200.0.92
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.92-10.200.0.100
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
  name: np1
  namespace: cluster-user-basic
spec:
  clusterName: user-basic
  nodes:
  - address: 10.200.0.30
  - address: 10.200.0.31
  - address: 10.200.0.32

High availability user cluster with multiple node pools

Note the following features and options in this user cluster configuration:

  • SSH key replacement
  • High availability
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing
  • Multiple node pools

registryMirrors:
  - endpoint: https://10.194.2.13:5007/v2/test-namespace
    caCertPath: /root/cert.pem
    pullCredentialConfigPath: /root/dockerconfig.json

---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-user-ha-np
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: user-ha-np
  namespace: cluster-user-ha-np
spec:
  type: user
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.20
      - address: 10.200.0.21
      - address: 10.200.0.22
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  proxy:
    url: http://10.194.2.140:3128
    noProxy:
    - 127.0.0.1
    - localhost
  osEnvironmentConfig:
    addPackageRepo: false
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.91
      ingressVIP: 10.200.0.92
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.92-10.200.0.100
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250
  credential:
    sshKeySecret:
      name: ssh-key
      namespace: cluster-user-ha-np
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
  name: np1
  namespace: cluster-user-ha-np
spec:
  clusterName: user-ha-np
  nodes:
  - address: 10.200.0.30
  - address: 10.200.0.31
  - address: 10.200.0.32
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
  name: np2
  namespace: cluster-user-ha-np
spec:
  clusterName: user-ha-np
  nodes:
  - address: 10.200.0.33
  - address: 10.200.0.34
  - address: 10.200.0.35

High availability user cluster with OIDC

Note the following features and options in this user cluster configuration:

  • High availability
  • OIDC
  • Uses a proxy
  • Registry mirror
  • Private package repository
  • Bundled Layer 2 load balancing outside the control plane

registryMirrors:
  - endpoint: https://10.194.2.13:5007/v2/test-namespace
    caCertPath: /root/cert.pem
    pullCredentialConfigPath: /root/dockerconfig.json

---
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-user-ha-oidc
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: user-ha-oidc
  namespace: cluster-user-ha-oidc
spec:
  type: user
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.20
      - address: 10.200.0.21
      - address: 10.200.0.22
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  proxy:
    url: http://10.194.2.140:3128
    noProxy:
    - 127.0.0.1
    - localhost
  osEnvironmentConfig:
    addPackageRepo: false
  loadBalancer:
    mode: bundled
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.91
      ingressVIP: 10.200.0.92
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.92-10.200.0.100
    nodePoolSpec:
      nodes:
      - address: 10.200.0.25
      - address: 10.200.0.26
      - address: 10.200.0.27
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  authentication:
    oidc:
      issuerURL: "https://infra.example.dev/adfs"
      clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
      clientSecret: "clientSecret"
      kubectlRedirectURL: "http://localhost:44320/callback"
      username: "unique_name"
      usernamePrefix: "oidc:"
      group: "groups"
      groupPrefix: "oidc:"
      scopes: "allatclaims"
      extraParams: "resource=token-groups-claim"
      deployCloudConsoleProxy: true
      certificateAuthorityData: base64EncodedCACertificate
      proxy: http://10.194.2.140:3128
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
  name: np1
  namespace: cluster-user-ha-oidc
spec:
  clusterName: user-ha-oidc
  nodes:
  - address: 10.200.0.30
  - address: 10.200.0.31
  - address: 10.200.0.32

High availability user cluster with LDAP and BGP load balancing

Note the following features and options in this user cluster configuration:

  • High availability
  • LDAP
  • Bundled load balancing with BGP

apiVersion: v1
kind: Namespace
metadata:
  name: cluster-user-ha-ldap
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
  name: user-ha-ldap
  namespace: cluster-user-ha-ldap
spec:
  type: user
  profile: default
  anthosBareMetalVersion: 1.29.100-gke.251
  gkeConnect:
    projectID: project-fleet
  controlPlane:
    nodePoolSpec:
      nodes:
      - address: 10.200.0.20
      - address: 10.200.0.21
      - address: 10.200.0.22
  clusterNetwork:
    advancedNetworking: true
    pods:
      cidrBlocks:
      - 192.168.0.0/16
    services:
      cidrBlocks:
      - 10.96.0.0/20
  loadBalancer:
    mode: bundled
    type: bgp
    localASN: 65001
    bgpPeers:
    - ip: 10.8.0.10
      asn: 65002
    - ip: 10.8.0.11
      asn: 65002
    ports:
      controlPlaneLBPort: 443
    vips:
      controlPlaneVIP: 10.200.0.91
      ingressVIP: 10.200.0.92
    addressPools:
    - name: pool1
      addresses:
      - 10.200.0.92-10.200.0.100
  clusterOperations:
    projectID: project-fleet
    location: us-central1
  storage:
    lvpNodeMounts:
      path: /mnt/localpv-disk
      storageClassName: local-disks
    lvpShare:
      path: /mnt/localpv-share
      storageClassName: local-shared
      numPVUnderSharedPath: 5
  nodeConfig:
    podDensity:
      maxPodsPerNode: 250
  authentication:
  - name: ldap
    ldap:
      connectionType: ldaps
      group:
        baseDN: ou=Groups,dc=onpremidp,dc=example,dc=net
        filter: (objectClass=*)
        identifierAttribute: dn
      host: ldap.google.com:636
      user:
        baseDN: ou=Users,dc=onpremidp,dc=example,dc=net
        filter: (objectClass=*)
        identifierAttribute: uid
        loginAttribute: uid
      serviceAccountSecret:
        name: google-ldap-client-secret
        namespace: anthos-identity-service
        type: tls
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
  name: np1
  namespace: cluster-user-ha-ldap
spec:
  clusterName: user-ha-ldap
  nodes:
  - address: 10.200.0.30
  - address: 10.200.0.31
  - address: 10.200.0.32
---
apiVersion: networking.gke.io/v1
kind: NetworkGatewayGroup
metadata:
  name: default
  namespace: cluster-user-ha-ldap
spec:
  floatingIPs:
  - 10.0.1.100
  - 10.0.2.100
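As an added example (not part of this page or of Google Distributed Cloud's own tooling), the following Python audits one Cluster resource from these samples after it has been parsed into a dict, flagging the sample values the page says must be replaced (spec.gkeConnect.projectID and the OIDC clientSecret and certificateAuthorityData placeholders) together with settings a reviewer checks before applying the file: a control plane with three nodes for HA, an https OIDC issuerURL, a kubectlRedirectURL that stays on localhost, and an LDAP connectionType that encrypts the bind. It assumes the YAML has already been loaded (for example with yaml.safe_load_all), the SAMPLE_HYBRID_HA input is constructed to mirror the high availability hybrid cluster sample above, and the set of encrypting LDAP connectionType values is an assumption.

```python
"""Audit a Google Distributed Cloud Cluster resource (YAML already parsed into a
dict, e.g. with yaml.safe_load_all).  Added example, not GDC tooling."""
from urllib.parse import urlparse

# Sample values used on this page; they must be replaced before a real install.
SAMPLE_PROJECT = "project-fleet"
OIDC_PLACEHOLDERS = {"clientSecret": "clientSecret",
                     "certificateAuthorityData": "base64EncodedCACertificate"}
SECURE_LDAP = {"ldaps", "startTLS"}  # connectionType values that encrypt the bind (assumed)

def _get(node, *path):
    """Walk nested dicts along path; return None if any key is missing."""
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def _auth_entries(spec):
    """spec.authentication is a map ({oidc: ...}) in the OIDC samples and a list
    ([{name: ldap, ldap: ...}]) in the LDAP sample; normalise to a list of maps."""
    auth = spec.get("authentication")
    if isinstance(auth, dict):
        return [auth]
    return [a for a in (auth or []) if isinstance(a, dict)]

def audit_cluster(cluster):
    """Return 'CODE: message' findings for one Cluster resource (empty = clean)."""
    spec = cluster.get("spec", {})
    findings = []
    if _get(spec, "gkeConnect", "projectID") == SAMPLE_PROJECT:
        findings.append(f"PLACEHOLDER: spec.gkeConnect.projectID still holds {SAMPLE_PROJECT!r}")
    # HA control plane: the HA samples use three nodes. One node has no failover
    # and an even count leaves etcd without a tie-breaker for quorum.
    n = len(_get(spec, "controlPlane", "nodePoolSpec", "nodes") or [])
    if n < 3 or n % 2 == 0:
        findings.append(f"HA: control plane has {n} node(s); use 3 (or another odd count)")
    for entry in _auth_entries(spec):
        oidc, ldap = entry.get("oidc"), entry.get("ldap")
        if isinstance(oidc, dict):
            for key, sample in OIDC_PLACEHOLDERS.items():
                if oidc.get(key) == sample:
                    findings.append(f"PLACEHOLDER: spec.authentication.oidc.{key} still holds {sample!r}")
            if urlparse(oidc.get("issuerURL", "")).scheme != "https":
                findings.append("OIDC: issuerURL must use https so tokens are exchanged over TLS")
            if urlparse(oidc.get("kubectlRedirectURL", "")).hostname not in ("localhost", "127.0.0.1"):
                findings.append("OIDC: kubectlRedirectURL must stay on localhost (the kubectl plugin's callback)")
        if isinstance(ldap, dict) and ldap.get("connectionType") not in SECURE_LDAP:
            findings.append(f"LDAP: connectionType {ldap.get('connectionType')!r} sends bind credentials in clear text")
    return findings

# Constructed input mirroring the "High availability hybrid cluster" Cluster
# resource on this page (same sample values; not a real environment).
SAMPLE_HYBRID_HA = {
    "spec": {
        "type": "hybrid",
        "gkeConnect": {"projectID": "project-fleet"},
        "controlPlane": {"nodePoolSpec": {"nodes": [
            {"address": "10.200.0.2"}, {"address": "10.200.0.3"}, {"address": "10.200.0.4"}]}},
        "authentication": {"oidc": {
            "issuerURL": "https://infra.example.dev/adfs",
            "clientID": "be654652-2c45-49ff-9d7c-3663cee9ba51",
            "clientSecret": "clientSecret",
            "kubectlRedirectURL": "http://localhost:44320/callback",
            "certificateAuthorityData": "base64EncodedCACertificate"}},
    },
}

if __name__ == "__main__":
    for finding in audit_cluster(SAMPLE_HYBRID_HA):
        print(finding)
```

Run against the sample as written, it reports the three placeholder values and nothing else; the same function applied to the LDAP sample passes the LDAP check because that sample uses connectionType ldaps.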