All configuration should come from the RancherOS minimal cloud-init.

Below is a reference of the supported configuration. It is important that the config always starts with `#cloud-config` on its very first line, otherwise it is not recognised as cloud-config. Note that everything in this file — including the join token and any passwords or keys — ends up in the node's user-data, so treat the file itself as sensitive.
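#cloud-config
# Add additional users or set the password/ssh keys for root
users:
  - name: "bar"
    # NOTE(review): classic cloud-init's `passwd` takes a *hashed* value, not a
    # plaintext one — confirm what RancherOS's minimal cloud-init expects before
    # relying on this. Prefer ssh keys over any password in user-data.
    passwd: "foo"
    groups: "users"
    homedir: "/home/foo"
    shell: "/bin/bash"
    ssh_authorized_keys:
      - faaapploo   # placeholder; use a full public-key line (e.g. "ssh-ed25519 AAAA... comment")
# Assigns these keys to the first user in `users`, or to root if there is none
ssh_authorized_keys:
  - asdd   # placeholder; use a full public-key line
# Run these commands once the system has fully booted. They presumably run with
# root privileges — treat them like any other privileged provisioning script.
runcmd:
  - foo
# Hostname to assign
hostname: "bar"
# Write arbitrary files
write_files:
  - encoding: b64
    content: CiMgVGhpcyBmaWxlIGNvbnRyb2xzIHRoZSBzdGF0ZSBvZiBTRUxpbnV4
    path: /foo/bar
    # Keep the mode quoted: an unquoted 0644 is read as an integer (octal 420
    # under YAML 1.1) by many parsers and may not be applied as intended.
    permissions: "0644"
    owner: "bar"
# Rancherd configuration
rancherd:
  ########################################################
  # The below parameters apply to the server role that   #
  # first initializes the cluster                        #
  ########################################################
  # The Kubernetes version to be installed. This must be a k3s or RKE2 version
  # v1.21 or newer. k3s and RKE2 versions always have a `k3s` or `rke2` in the
  # version string.
  # Valid versions are
  # k3s:  curl -sL https://raw.githubusercontent.com/rancher/kontainer-driver-metadata/release-v2.6/data/data.json | jq -r '.k3s.releases[].version'
  # RKE2: curl -sL https://raw.githubusercontent.com/rancher/kontainer-driver-metadata/release-v2.6/data/data.json | jq -r '.rke2.releases[].version'
  kubernetesVersion: v1.22.2+k3s1
  # The Rancher version to be installed, or a channel: "latest" or "stable".
  # Pinning an explicit version (as here) makes upgrades deliberate rather than
  # whatever the channel happens to point at on the day the node boots.
  rancherVersion: v2.6.0
  # Values set on the Rancher Helm chart. Refer to
  # https://github.com/rancher/rancher/blob/release/v2.6/chart/values.yaml
  # for possible values.
  rancherValues:
    # Below are the default values set
    # Multi-Cluster Management is disabled by default; change to
    # multi-cluster-management=true to enable
    features: multi-cluster-management=false
    # The Rancher UI will run on the host port 8443 by default. Set to 0 to disable
    # and instead use ingress.enabled=true to route traffic through ingress
    hostPort: 8443
    # Accessing ingress is disabled by default.
    ingress:
      enabled: false
    # Don't create a default admin password. The initial admin must then be
    # bootstrapped some other way — do not leave the UI without one.
    noDefaultAdmin: true
    # A negative value means it will run up to that many replicas if there are
    # at least that many nodes available. For example, if you have 2 nodes and
    # `replicas` is `-3` then 2 replicas will run. Once you add a third node
    # then 3 replicas will run.
    replicas: -3
    # External TLS is assumed: Rancher expects TLS to be terminated in front of
    # it. NOTE(review): if nothing actually terminates TLS, traffic to the
    # hostPort above is served without it — verify the load balancer/ingress
    # setup before exposing the port.
    tls: external
  # Additional SANs (hostnames) to be added to the generated TLS certificate
  # that is served on port 6443. Any name clients use to reach the API must be
  # listed here, or certificate validation will fail.
  tlsSans:
    - additionalhostname.example.com
  # Kubernetes resources that will be created once Rancher is bootstrapped.
  # These are presumably applied with rancherd's own (highly privileged)
  # credentials, so review anything placed here as carefully as an RBAC change.
  resources:
    - kind: ConfigMap
      apiVersion: v1
      metadata:
        name: random
      data:
        key: value
  # Contents of the registries.yaml that will be used by k3s/RKE2. The structure
  # is documented at https://rancher.com/docs/k3s/latest/en/installation/private-registry/
  # (this is also where registry TLS and credential settings belong — see that page).
  registries: {}
  # The default registry used for all Rancher container images. For more information
  # refer to https://rancher.com/docs/rancher/v2.6/en/admin-settings/config-private-registry/
  systemDefaultRegistry: someprefix.example.com:5000
  # Advanced: The system agent installer image used for Kubernetes
  runtimeInstallerImage: ...
  # Advanced: The system agent installer image used for Rancher
  rancherInstallerImage: ...
  # Generic commands to run before bootstrapping the node.
  preInstructions:
    - name: something
      # This image will be extracted to a temporary folder and set as the
      # current working dir. The command will not run contained or chrooted;
      # this is only a way to copy assets to the host. Because nothing here is
      # sandboxed, only reference images you trust (ideally pinned by digest).
      # This parameter is optional.
      image: custom/image:1.1.1
      # Environment variables to set
      env:
        - FOO=BAR
      # Program arguments
      args:
        - arg1
        - arg2
      # Command to run
      command: /bin/dosomething
      # Save output to /var/lib/rancher/rancherd/plan/plan-output.json
      saveOutput: false
  # Generic commands to run after bootstrapping the node.
  postInstructions:
    - name: something
      env:
        - FOO=BAR
      args:
        - arg1
        - arg2
      command: /bin/dosomething
      saveOutput: false
  ###########################################
  # The below parameters apply to all roles #
  ###########################################
  # The URL to Rancher to join a node. If you have disabled the hostPort and configured
  # TLS then this will be the server you have set up. Use https and a hostname
  # that is covered by the server's certificate (see tlsSans).
  server: https://myserver.example.com:8443
  # A shared secret to join nodes to the cluster. Use a long random value and
  # keep it secret: anything able to read this cloud-init (user-data) can join
  # a node to the cluster.
  token: sometoken
  # Instead of setting the server parameter above, the server value can be dynamically
  # determined from cloud provider metadata. This is powered by https://github.com/hashicorp/go-discover.
  # Discovery requires that the hostPort is not disabled.
  # NOTE(review): providers such as mdns are unauthenticated — a host on the
  # same network segment could presumably advertise itself as the server, and
  # the join token above is then the only thing gating membership. Prefer an
  # explicit `server:` on networks you do not control.
  discovery:
    params:
      # Corresponds to go-discover provider name
      provider: "mdns"
      # All other key/values are parameters corresponding to what
      # the go-discover provider is expecting
      service: "rancher-server"
    # If this is a new cluster it will wait until 3 servers are
    # available and they all agree on the same cluster-init node
    expectedServers: 3
    # How long servers are remembered for. It is useful for providers
    # that are not consistent in their responses, like mdns.
    serverCacheDuration: 1m
  # The role of this node — one of cluster-init, server or agent (the value
  # below lists all three; use exactly one). Every cluster must start with one
  # node as role=cluster-init. After that nodes can be joined using the server
  # role for control-plane nodes and the agent role for worker-only nodes. The
  # server/agent terms correspond to the server/agent terms in k3s and RKE2.
  role: cluster-init,server,agent
  # The Kubernetes node name that will be set
  nodeName: custom-hostname
  # The IP address that will be set in Kubernetes for this node
  address: 123.123.123.123
  # The internal IP address that will be used for this node
  internalAddress: 123.123.123.124
  # Taints to apply to this node upon creation
  taints:
    - dedicated=special-user:NoSchedule
  # Labels to apply to this node upon creation
  labels:
    - key=value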