Dokumen ini memberikan contoh YAML dari GKE yang paling umum pada konfigurasi cluster Bare Metal. File konfigurasi cluster contoh menyediakan permutasi fitur dan kemampuan berikut:
- Profil edge
- Ketersediaan tinggi
- Open ID Connect (OIDC)
- Lightweight Directory Access Protocol (LDAP)
- Opsi load balancer:
- Beberapa Kumpulan Node
- Penggantian kunci SSH
- Pencerminan registry
- Di belakang proxy
- Repositori paket pribadi
Cara menggunakan contoh
Kumpulan contoh YAML ini pada dasarnya dimaksudkan sebagai referensi edukatif yang menggambarkan tampilan berbagai fitur jika dikonfigurasi dengan benar.
Jika ingin menggunakan contoh ini untuk membuat cluster sendiri, Anda harus melakukan perubahan. Banyak nilai yang digunakan, seperti nilai untuk bagian storage, bersifat default dan berfungsi untuk sebagian besar cluster. Namun, nilai lain seperti spec.authentication.oidc.clientID dan spec.gkeConnect.projectID bersifat khusus untuk project dan lingkungan Anda.
Pahami dokumentasi fitur terkait sebelum mencoba menggunakan konten YAML yang disediakan dalam dokumen ini.
Fitur dalam setiap contoh
Tabel berikut mencantumkan informasi konfigurasi dasar untuk setiap contoh:
| Sampel | |
|---|---|
| Cluster mandiri | |
| Profil edge dasar |
|
| Profil edge ketersediaan tinggi |
|
| Cluster hybrid | |
| Cluster hybrid dasar |
|
| Cluster hybrid ketersediaan tinggi |
|
| Cluster hybrid ketersediaan tinggi dengan load balancing di luar Bidang Kontrol |
|
| Cluster admin | |
| Cluster admin dasar |
|
| Cluster admin dengan load balancing manual |
|
| Cluster admin dengan ketersediaan tinggi |
|
| Cluster pengguna | |
| Cluster pengguna dasar |
|
| Cluster pengguna yang memiliki ketersediaan tinggi dengan beberapa node pool |
|
| Cluster pengguna ketersediaan tinggi dengan OIDC |
|
| Cluster pengguna yang memiliki ketersediaan tinggi dengan load balancing LDAP dan BGP |
|
Cluster mandiri
Perhatikan kemampuan cluster mandiri berikut:
- Dapat mengelola dirinya sendiri
- Dapat menjalankan workload
- Tidak dapat membuat atau mengelola cluster lain/pengguna
Cluster mandiri cocok untuk penginstalan cluster yang memerlukan jejak kecil atau dalam situasi di mana Anda ingin menjalankan cluster dalam partisi yang terisolasi jaringan.
Untuk mengetahui informasi selengkapnya tentang cluster mandiri, lihat Deployment cluster mandiri dan Membuat cluster mandiri.
Profil edge dasar
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster mandiri ini:
- Node tunggal
- Profil edge
- Tidak ada kumpulan node
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-edge-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: edge-basic
namespace: cluster-edge-basic
spec:
type: standalone
profile: edge
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 110
Profil edge ketersediaan tinggi
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster mandiri ini:
- Ketersediaan tinggi dengan tiga node
- Profil edge
- Load balancing Lapisan 2 Paket
- Tidak ada kumpulan node
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-edge-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: edge-ha
namespace: cluster-edge-ha
spec:
type: standalone
profile: edge
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
- address: 10.200.0.3
- address: 10.200.0.4
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 110
Cluster hybrid
Perhatikan kemampuan cluster hybrid berikut:
- Dapat mengelola dirinya sendiri
- Dapat menjalankan workload
- Dapat mengelola cluster pengguna lainnya
Cluster hybrid berfungsi seperti cluster admin yang dapat menjalankan beban kerja pengguna. Sama seperti cluster admin, cluster hybrid dapat mengelola cluster pengguna lainnya. Untuk mengetahui informasi selengkapnya tentang cluster mandiri, lihat Deployment cluster hybrid dan Membuat cluster hybrid.
Cluster hybrid dasar
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster hybrid ini:
- Ketersediaan tidak tinggi
- Load balancing Lapisan 2 Paket
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-hybrid-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: hybrid-basic
namespace: cluster-hybrid-basic
spec:
type: hybrid
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-hybrid-basic
spec:
clusterName: hybrid-basic
nodes:
- address: 10.200.0.10
- address: 10.200.0.11
- address: 10.200.0.12
Cluster hybrid ketersediaan tinggi
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster hybrid ini:
- Ketersediaan tinggi
- OIDC
- Di balik proxy
- Duplikasi registry
- Repositori paket pribadi
- Load balancing Lapisan 2 Paket
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-hybrid-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: hybrid-ha
namespace: cluster-hybrid-ha
spec:
type: hybrid
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
- address: 10.200.0.3
- address: 10.200.0.4
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
authentication:
oidc:
issuerURL: "https://infra.example.dev/adfs"
clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
clientSecret: "clientSecret"
kubectlRedirectURL: "http://localhost:44320/callback"
username: "unique_name"
usernamePrefix: "oidc:"
group: "groups"
groupPrefix: "oidc:"
scopes: "allatclaims"
extraParams: "resource=token-groups-claim"
deployCloudConsoleProxy: true
certificateAuthorityData: base64EncodedCACertificate
proxy: http://10.194.2.140:3128
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-hybrid-ha
spec:
clusterName: hybrid-ha
nodes:
- address: 10.200.0.10
- address: 10.200.0.11
- address: 10.200.0.12
Cluster hybrid ketersediaan tinggi dengan load balancing di luar Bidang Kontrol
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster hybrid ini:
- Ketersediaan tinggi
- OIDC
- Di balik proxy
- Duplikasi registry
- Repositori paket pribadi
- Load balancing Lapisan 2 yang dipaketkan di luar Bidang Kontrol
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-hybrid-ha-lb
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: hybrid-ha-lb
namespace: cluster-hybrid-ha-lb
spec:
type: hybrid
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
- address: 10.200.0.3
- address: 10.200.0.4
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
nodePoolSpec:
nodes:
- address: 10.200.0.5
- address: 10.200.0.6
- address: 10.200.0.7
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
authentication:
oidc:
issuerURL: "https://infra.example.dev/adfs"
clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
clientSecret: "clientSecret"
kubectlRedirectURL: "http://localhost:44320/callback"
username: "unique_name"
usernamePrefix: "oidc:"
group: "groups"
groupPrefix: "oidc:"
scopes: "allatclaims"
extraParams: "resource=token-groups-claim"
deployCloudConsoleProxy: true
certificateAuthorityData: base64EncodedCACertificate
proxy: http://10.194.2.140:3128
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-hybrid-ha-lb
spec:
clusterName: hybrid-ha-lb
nodes:
- address: 10.200.0.10
- address: 10.200.0.11
- address: 10.200.0.12
Cluster admin
Cluster admin digunakan untuk mengelola cluster pengguna lainnya. Gunakan cluster admin jika Anda memiliki fleet cluster di pusat data yang sama yang ingin dikelola dari tempat terpusat, dan untuk deployment yang lebih besar yang memerlukan isolasi antara tim yang berbeda, atau antara beban kerja pengembangan dan produksi.
Untuk mengetahui informasi selengkapnya tentang cluster admin, lihat Deployment multi-cluster dan Membuat cluster admin.
Cluster admin dasar
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster admin ini:
- Ketersediaan tidak tinggi
- Load balancing Lapisan 2 Paket
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-admin-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: admin-basic
namespace: cluster-admin-basic
spec:
type: admin
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
Cluster admin dengan load balancing manual
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster admin ini:
- Ketersediaan tidak tinggi
- Load balancing eksternal yang dikonfigurasi secara manual
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-admin-manlb
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: admin-manlb
namespace: cluster-admin-manlb
spec:
type: admin
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: manual
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
Cluster admin dengan ketersediaan tinggi
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster admin ini:
- Ketersediaan tinggi
- OIDC
- Di balik proxy
- Duplikasi registry
- Repositori paket pribadi
- Load balancing Lapisan 2 Paket
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-admin-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: admin-ha
namespace: cluster-admin-ha
spec:
type: admin
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
- address: 10.200.0.3
- address: 10.200.0.4
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
authentication:
oidc:
issuerURL: "https://infra.example.dev/adfs"
clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
clientSecret: "clientSecret"
kubectlRedirectURL: "http://localhost:44320/callback"
username: "unique_name"
usernamePrefix: "oidc:"
group: "groups"
groupPrefix: "oidc:"
scopes: "allatclaims"
extraParams: "resource=token-groups-claim"
deployCloudConsoleProxy: true
certificateAuthorityData: base64EncodedCACertificate
proxy: http://10.194.2.140:3128
nodeConfig:
podDensity:
maxPodsPerNode: 250
Cluster pengguna
Cluster pengguna menjalankan workload dalam container. Cluster pengguna harus berisi satu atau beberapa worker node yang menjalankan beban kerja pengguna. Gunakan cluster pengguna jika Anda memiliki banyak cluster di pusat data yang sama dengan yang ingin dikelola dari tempat terpusat. Cluster pengguna juga direkomendasikan untuk deployment lebih besar yang memerlukan pemisahan antara tim yang berbeda atau antara beban kerja pengembangan dan produksi.
Untuk mengetahui informasi selengkapnya tentang cluster admin, lihat Deployment multi-cluster dan Membuat cluster pengguna.
Cluster pengguna dasar
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster pengguna ini:
- Ketersediaan tidak tinggi
- Load balancing Lapisan 2 Paket
apiVersion: v1
kind: Namespace
metadata:
name: cluster-user-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: user-basic
namespace: cluster-user-basic
spec:
type: user
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.20
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.91
ingressVIP: 10.200.0.92
addressPools:
- name: pool1
addresses:
- 10.200.0.92-10.200.0.100
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-user-basic
spec:
clusterName: user-basic
nodes:
- address: 10.200.0.30
- address: 10.200.0.31
- address: 10.200.0.32
Cluster pengguna yang memiliki ketersediaan tinggi dengan beberapa kumpulan node
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster pengguna ini:
- Penggantian kunci SSH
- Ketersediaan tinggi
- Di balik proxy
- Duplikasi registry
- Repositori paket pribadi
- Load balancing Lapisan 2 Paket
- Beberapa node pool
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-user-ha-np
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: user-ha-np
namespace: cluster-user-ha-np
spec:
type: user
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.20
- address: 10.200.0.21
- address: 10.200.0.22
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.91
ingressVIP: 10.200.0.92
addressPools:
- name: pool1
addresses:
- 10.200.0.92-10.200.0.100
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
credential:
sshKeySecret:
name: ssh-key
namespace: cluster-user-ha-np
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-user-ha-np
spec:
clusterName: user-ha-np
nodes:
- address: 10.200.0.30
- address: 10.200.0.31
- address: 10.200.0.32
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np2
namespace: cluster-user-ha-np
spec:
clusterName: user-ha-np
nodes:
- address: 10.200.0.33
- address: 10.200.0.34
- address: 10.200.0.35
Cluster pengguna ketersediaan tinggi dengan OIDC
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster pengguna ini:
- Ketersediaan tinggi
- OIDC
- Di balik proxy
- Duplikasi registry
- Repositori paket pribadi
- Load balancing Lapisan 2 Paket dari Bidang Kontrol
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-user-ha-oidc
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: user-ha-oidc
namespace: cluster-user-ha-oidc
spec:
type: user
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.20
- address: 10.200.0.21
- address: 10.200.0.22
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.91
ingressVIP: 10.200.0.92
addressPools:
- name: pool1
addresses:
- 10.200.0.92-10.200.0.100
nodePoolSpec:
nodes:
- address: 10.200.0.25
- address: 10.200.0.26
- address: 10.200.0.27
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
authentication:
oidc:
issuerURL: "https://infra.example.dev/adfs"
clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
clientSecret: "clientSecret"
kubectlRedirectURL: "http://localhost:44320/callback"
username: "unique_name"
usernamePrefix: "oidc:"
group: "groups"
groupPrefix: "oidc:"
scopes: "allatclaims"
extraParams: "resource=token-groups-claim"
deployCloudConsoleProxy: true
certificateAuthorityData: base64EncodedCACertificate
proxy: http://10.194.2.140:3128
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-user-ha-oidc
spec:
clusterName: user-ha-oidc
nodes:
- address: 10.200.0.30
- address: 10.200.0.31
- address: 10.200.0.32
Cluster pengguna ketersediaan tinggi dengan load balancing LDAP dan BGP
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster pengguna ini:
- Ketersediaan tinggi
- LDAP
- Load balancing paket dengan BGP
apiVersion: v1
kind: Namespace
metadata:
name: cluster-user-ha-ldap
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: user-ha-ldap
namespace: cluster-user-ha-ldap
spec:
type: user
profile: default
anthosBareMetalVersion: 1.16.7
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.20
- address: 10.200.0.21
- address: 10.200.0.22
clusterNetwork:
advancedNetworking: true
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
type: bgp
localASN: 65001
bgpPeers:
- ip: 10.8.0.10
asn: 65002
- ip: 10.8.0.11
asn: 65002
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.91
ingressVIP: 10.200.0.92
addressPools:
- name: pool1
addresses:
- 10.200.0.92-10.200.0.100
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
authentication:
- name: ldap
ldap:
connectionType: ldaps
group:
baseDN: ou=Groups,dc=onpremidp,dc=example,dc=net
filter: (objectClass=*)
identifierAttribute: dn
host: ldap.google.com:636
user:
baseDN: ou=Users,dc=onpremidp,dc=example,dc=net
filter: (objectClass=*)
identifierAttribute: uid
loginAttribute: uid
serviceAccountSecret:
name: google-ldap-client-secret
namespace: anthos-identity-service
type: tls
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-user-ha-ldap
spec:
clusterName: user-ha-ldap
nodes:
- address: 10.200.0.30
- address: 10.200.0.31
- address: 10.200.0.32
---
apiVersion: networking.gke.io/v1
kind: NetworkGatewayGroup
metadata:
name: default
namespace: cluster-user-ha-ldap
spec:
floatingIPs:
- 10.0.1.100
- 10.0.2.100