Dokumen ini memberikan contoh YAML dari konfigurasi cluster Google Distributed Cloud yang paling umum. File konfigurasi cluster contoh memberikan permutasi fitur dan kemampuan berikut:
- Profil Edge
- Ketersediaan tinggi
- Open ID Connect (OIDC)
- Lightweight Directory Access Protocol (LDAP)
- Opsi load balancer:
- Beberapa NodePool
- Penggantian kunci SSH
- Mirror registry
- Di balik proxy
- Repositori paket pribadi
Cara menggunakan sampel
Kumpulan contoh YAML ini terutama ditujukan sebagai referensi
pendidikan yang mengilustrasikan tampilan berbagai fitur saat dikonfigurasi dengan benar.
Jika ingin menggunakan contoh ini untuk membuat cluster Anda sendiri, Anda perlu melakukan
perubahan. Banyak nilai yang digunakan, seperti nilai untuk bagian storage, adalah default dan berfungsi untuk sebagian besar cluster. Namun, nilai lain, seperti
spec.authentication.oidc.clientID dan spec.gkeConnect.projectID, khusus untuk project dan lingkungan Anda.
Pelajari dokumentasi fitur terkait sebelum mencoba menggunakan konten YAML apa pun yang disediakan dalam dokumen ini.
Fitur dalam setiap sampel
Tabel berikut mencantumkan informasi konfigurasi dasar untuk setiap sampel:
| Sampel | |
|---|---|
| Cluster mandiri | |
| Profil edge dasar |
|
| Profil edge dengan ketersediaan tinggi |
|
| Cluster campuran | |
| Cluster hybrid dasar |
|
| Cluster hybrid ketersediaan tinggi |
|
| Cluster hybrid ketersediaan tinggi dengan load balancing di luar Bidang Kontrol |
|
| Cluster admin | |
| Cluster admin dasar |
|
| Cluster admin dengan load balancing manual |
|
| Cluster admin dengan ketersediaan tinggi |
|
| Cluster pengguna | |
| Cluster pengguna dasar |
|
| Cluster pengguna ketersediaan tinggi dengan beberapa node pool |
|
| Cluster pengguna ketersediaan tinggi dengan OIDC |
|
| Cluster pengguna ketersediaan tinggi dengan load balancing LDAP dan BGP |
|
Cluster mandiri
Perhatikan kemampuan cluster mandiri berikut:
- Model ini dapat mengelola dirinya sendiri
- Dapat menjalankan workload
- Tidak dapat membuat atau mengelola cluster lain/pengguna
Cluster mandiri cocok untuk penginstalan cluster yang memerlukan footprint kecil atau dalam situasi saat Anda ingin menjalankan cluster di partisi yang terisolasi jaringan.
Untuk mengetahui informasi selengkapnya tentang cluster mandiri, lihat Deployment cluster mandiri dan Membuat cluster mandiri.
Profil tepi dasar
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster mandiri ini:
- Node tunggal
- Profil tepi
- Tidak ada kumpulan node
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-edge-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: edge-basic
namespace: cluster-edge-basic
spec:
type: standalone
profile: edge
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 110
Profil edge ketersediaan tinggi
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster mandiri ini:
- Ketersediaan tinggi dengan tiga node
- Profil tepi
- Load balancing Lapis 2 yang dipaketkan
- Tidak ada kumpulan node
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-edge-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: edge-ha
namespace: cluster-edge-ha
spec:
type: standalone
profile: edge
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
- address: 10.200.0.3
- address: 10.200.0.4
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 110
Cluster campuran
Perhatikan kemampuan cluster campuran berikut:
- Model ini dapat mengelola dirinya sendiri
- Dapat menjalankan workload
- Dapat mengelola cluster pengguna lain
Cluster campuran berfungsi seperti cluster admin yang dapat menjalankan beban kerja pengguna. Sama seperti cluster admin, cluster campuran dapat mengelola cluster pengguna lainnya. Untuk informasi selengkapnya tentang cluster mandiri, lihat Deployment cluster hybrid dan Membuat cluster hybrid.
Cluster hybrid dasar
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster campuran ini:
- Ketersediaan non-tinggi
- Load balancing Lapis 2 yang dipaketkan
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-hybrid-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: hybrid-basic
namespace: cluster-hybrid-basic
spec:
type: hybrid
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-hybrid-basic
spec:
clusterName: hybrid-basic
nodes:
- address: 10.200.0.10
- address: 10.200.0.11
- address: 10.200.0.12
Cluster hibrida dengan ketersediaan tinggi
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster campuran ini:
- Ketersediaan tinggi
- OIDC
- Di balik proxy
- Pencerminan registry
- Repositori paket pribadi
- Load balancing Lapis 2 yang dipaketkan
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-hybrid-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: hybrid-ha
namespace: cluster-hybrid-ha
spec:
type: hybrid
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
- address: 10.200.0.3
- address: 10.200.0.4
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
authentication:
oidc:
issuerURL: "https://infra.example.dev/adfs"
clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
clientSecret: "clientSecret"
kubectlRedirectURL: "http://localhost:44320/callback"
username: "unique_name"
usernamePrefix: "oidc:"
group: "groups"
groupPrefix: "oidc:"
scopes: "allatclaims"
extraParams: "resource=token-groups-claim"
deployCloudConsoleProxy: true
certificateAuthorityData: base64EncodedCACertificate
proxy: http://10.194.2.140:3128
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-hybrid-ha
spec:
clusterName: hybrid-ha
nodes:
- address: 10.200.0.10
- address: 10.200.0.11
- address: 10.200.0.12
Cluster hibrida ketersediaan tinggi dengan load balancing di luar Bidang Kontrol
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster campuran ini:
- Ketersediaan tinggi
- OIDC
- Di balik proxy
- Pencerminan registry
- Repositori paket pribadi
- Load balancing Lapisan 2 yang dipaketkan di luar Bidang Kontrol
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-hybrid-ha-lb
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: hybrid-ha-lb
namespace: cluster-hybrid-ha-lb
spec:
type: hybrid
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
- address: 10.200.0.3
- address: 10.200.0.4
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
ingressVIP: 10.200.0.72
addressPools:
- name: pool1
addresses:
- 10.200.0.72-10.200.0.90
nodePoolSpec:
nodes:
- address: 10.200.0.5
- address: 10.200.0.6
- address: 10.200.0.7
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
authentication:
oidc:
issuerURL: "https://infra.example.dev/adfs"
clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
clientSecret: "clientSecret"
kubectlRedirectURL: "http://localhost:44320/callback"
username: "unique_name"
usernamePrefix: "oidc:"
group: "groups"
groupPrefix: "oidc:"
scopes: "allatclaims"
extraParams: "resource=token-groups-claim"
deployCloudConsoleProxy: true
certificateAuthorityData: base64EncodedCACertificate
proxy: http://10.194.2.140:3128
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-hybrid-ha-lb
spec:
clusterName: hybrid-ha-lb
nodes:
- address: 10.200.0.10
- address: 10.200.0.11
- address: 10.200.0.12
Cluster admin
Cluster admin digunakan untuk mengelola cluster pengguna lainnya. Gunakan cluster admin jika Anda memiliki fleet cluster di pusat data yang sama yang ingin dikelola dari tempat terpusat, dan untuk deployment yang lebih besar yang memerlukan isolasi antara tim yang berbeda atau antara workload pengembangan dan produksi.
Untuk mengetahui informasi selengkapnya tentang cluster admin, lihat Deployment multi-cluster dan Membuat cluster admin.
Cluster admin dasar
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster admin ini:
- Ketersediaan non-tinggi
- Load balancing Lapis 2 yang dipaketkan
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-admin-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: admin-basic
namespace: cluster-admin-basic
spec:
type: admin
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
Cluster admin dengan load balancing manual
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster admin ini:
- Ketersediaan non-tinggi
- Load balancing eksternal yang dikonfigurasi secara manual
gcrKeyPath: baremetal/gcr.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-admin-manlb
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: admin-manlb
namespace: cluster-admin-manlb
spec:
type: admin
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: manual
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
Cluster admin dengan ketersediaan tinggi
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster admin ini:
- Ketersediaan tinggi
- OIDC
- Di balik proxy
- Pencerminan registry
- Repositori paket pribadi
- Load balancing Lapis 2 yang dipaketkan
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
sshPrivateKeyPath: .ssh/id_rsa
gkeConnectAgentServiceAccountKeyPath: baremetal/connect-agent.json
gkeConnectRegisterServiceAccountKeyPath: baremetal/connect-register.json
cloudOperationsServiceAccountKeyPath: baremetal/cloud-ops.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-admin-ha
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: admin-ha
namespace: cluster-admin-ha
spec:
type: admin
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.2
- address: 10.200.0.3
- address: 10.200.0.4
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.71
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
authentication:
oidc:
issuerURL: "https://infra.example.dev/adfs"
clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
clientSecret: "clientSecret"
kubectlRedirectURL: "http://localhost:44320/callback"
username: "unique_name"
usernamePrefix: "oidc:"
group: "groups"
groupPrefix: "oidc:"
scopes: "allatclaims"
extraParams: "resource=token-groups-claim"
deployCloudConsoleProxy: true
certificateAuthorityData: base64EncodedCACertificate
proxy: http://10.194.2.140:3128
nodeConfig:
podDensity:
maxPodsPerNode: 250
Cluster pengguna
Cluster pengguna menjalankan workload dalam container Anda. Cluster pengguna harus berisi satu atau beberapa node pekerja yang menjalankan workload pengguna. Gunakan cluster pengguna jika Anda memiliki armada cluster di pusat data yang sama yang ingin dikelola dari tempat terpusat. Cluster pengguna juga direkomendasikan untuk deployment yang lebih besar yang memerlukan isolasi antara tim yang berbeda atau antara workload pengembangan dan produksi.
Untuk mengetahui informasi selengkapnya tentang cluster admin, lihat Deployment multi-cluster dan Membuat cluster pengguna.
Cluster pengguna dasar
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster pengguna ini:
- Ketersediaan non-tinggi
- Load balancing Lapis 2 yang dipaketkan
apiVersion: v1
kind: Namespace
metadata:
name: cluster-user-basic
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: user-basic
namespace: cluster-user-basic
spec:
type: user
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.20
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.91
ingressVIP: 10.200.0.92
addressPools:
- name: pool1
addresses:
- 10.200.0.92-10.200.0.100
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-user-basic
spec:
clusterName: user-basic
nodes:
- address: 10.200.0.30
- address: 10.200.0.31
- address: 10.200.0.32
Cluster pengguna ketersediaan tinggi dengan beberapa node pool
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster pengguna ini:
- Penggantian kunci SSH
- Ketersediaan tinggi
- Di balik proxy
- Pencerminan registry
- Repositori paket pribadi
- Load balancing Lapis 2 yang dipaketkan
- Beberapa kumpulan node
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-user-ha-np
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: user-ha-np
namespace: cluster-user-ha-np
spec:
type: user
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.20
- address: 10.200.0.21
- address: 10.200.0.22
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.91
ingressVIP: 10.200.0.92
addressPools:
- name: pool1
addresses:
- 10.200.0.92-10.200.0.100
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
credential:
sshKeySecret:
name: ssh-key
namespace: cluster-user-ha-np
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-user-ha-np
spec:
clusterName: user-ha-np
nodes:
- address: 10.200.0.30
- address: 10.200.0.31
- address: 10.200.0.32
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np2
namespace: cluster-user-ha-np
spec:
clusterName: user-ha-np
nodes:
- address: 10.200.0.33
- address: 10.200.0.34
- address: 10.200.0.35
Cluster pengguna ketersediaan tinggi dengan OIDC
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster pengguna ini:
- Ketersediaan tinggi
- OIDC
- Di balik proxy
- Pencerminan registry
- Repositori paket pribadi
- Load balancing Lapis 2 yang dipaketkan dari Bidang Kontrol
registryMirrors:
- endpoint: https://10.194.2.13:5007/v2/test-namespace
caCertPath: /root/cert.pem
pullCredentialConfigPath: /root/dockerconfig.json
---
apiVersion: v1
kind: Namespace
metadata:
name: cluster-user-ha-oidc
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: user-ha-oidc
namespace: cluster-user-ha-oidc
spec:
type: user
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.20
- address: 10.200.0.21
- address: 10.200.0.22
clusterNetwork:
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
proxy:
url: http://10.194.2.140:3128
noProxy:
- 127.0.0.1
- localhost
osEnvironmentConfig:
addPackageRepo: false
loadBalancer:
mode: bundled
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.91
ingressVIP: 10.200.0.92
addressPools:
- name: pool1
addresses:
- 10.200.0.92-10.200.0.100
nodePoolSpec:
nodes:
- address: 10.200.0.25
- address: 10.200.0.26
- address: 10.200.0.27
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
authentication:
oidc:
issuerURL: "https://infra.example.dev/adfs"
clientID: "be654652-2c45-49ff-9d7c-3663cee9ba51"
clientSecret: "clientSecret"
kubectlRedirectURL: "http://localhost:44320/callback"
username: "unique_name"
usernamePrefix: "oidc:"
group: "groups"
groupPrefix: "oidc:"
scopes: "allatclaims"
extraParams: "resource=token-groups-claim"
deployCloudConsoleProxy: true
certificateAuthorityData: base64EncodedCACertificate
proxy: http://10.194.2.140:3128
nodeConfig:
podDensity:
maxPodsPerNode: 250
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-user-ha-oidc
spec:
clusterName: user-ha-oidc
nodes:
- address: 10.200.0.30
- address: 10.200.0.31
- address: 10.200.0.32
Cluster pengguna dengan ketersediaan tinggi dan load balancing LDAP dan BGP
Perhatikan fitur dan opsi berikut dalam konfigurasi cluster pengguna ini:
- Ketersediaan tinggi
- LDAP
- Load balancing yang dipaketkan dengan BGP
apiVersion: v1
kind: Namespace
metadata:
name: cluster-user-ha-ldap
---
apiVersion: baremetal.cluster.gke.io/v1
kind: Cluster
metadata:
name: user-ha-ldap
namespace: cluster-user-ha-ldap
spec:
type: user
profile: default
anthosBareMetalVersion: 1.31.0-gke.889
gkeConnect:
projectID: project-fleet
controlPlane:
nodePoolSpec:
nodes:
- address: 10.200.0.20
- address: 10.200.0.21
- address: 10.200.0.22
clusterNetwork:
advancedNetworking: true
pods:
cidrBlocks:
- 192.168.0.0/16
services:
cidrBlocks:
- 10.96.0.0/20
loadBalancer:
mode: bundled
type: bgp
localASN: 65001
bgpPeers:
- ip: 10.8.0.10
asn: 65002
- ip: 10.8.0.11
asn: 65002
ports:
controlPlaneLBPort: 443
vips:
controlPlaneVIP: 10.200.0.91
ingressVIP: 10.200.0.92
addressPools:
- name: pool1
addresses:
- 10.200.0.92-10.200.0.100
clusterOperations:
projectID: project-fleet
location: us-central1
storage:
lvpNodeMounts:
path: /mnt/localpv-disk
storageClassName: local-disks
lvpShare:
path: /mnt/localpv-share
storageClassName: local-shared
numPVUnderSharedPath: 5
nodeConfig:
podDensity:
maxPodsPerNode: 250
authentication:
- name: ldap
ldap:
connectionType: ldaps
group:
baseDN: ou=Groups,dc=onpremidp,dc=example,dc=net
filter: (objectClass=*)
identifierAttribute: dn
host: ldap.google.com:636
user:
baseDN: ou=Users,dc=onpremidp,dc=example,dc=net
filter: (objectClass=*)
identifierAttribute: uid
loginAttribute: uid
serviceAccountSecret:
name: google-ldap-client-secret
namespace: anthos-identity-service
type: tls
---
apiVersion: baremetal.cluster.gke.io/v1
kind: NodePool
metadata:
name: np1
namespace: cluster-user-ha-ldap
spec:
clusterName: user-ha-ldap
nodes:
- address: 10.200.0.30
- address: 10.200.0.31
- address: 10.200.0.32
---
apiVersion: networking.gke.io/v1
kind: NetworkGatewayGroup
metadata:
name: default
namespace: cluster-user-ha-ldap
spec:
floatingIPs:
- 10.0.1.100
- 10.0.2.100