pinniped/hack/lib/kind-config/single-node.yaml
Ryan Richard 032160a85e simplify single-node.yaml
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:03 -06:00


#! kind cluster definition with a single control-plane node, rendered through ytt.
#! The extraMounts entry and the second kubeadm patch are emitted only when
#! data.values.enable_audit_logs is set.
#@ load("@ytt:data", "data")
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
    #! Both mappings listen on 127.0.0.1, so the published ports are reachable
    #! from this host only and not from other machines on the network.
    extraPortMappings:
      - protocol: TCP
        #! This same port number is hardcoded in the integration test setup
        #! when creating a Service on a kind cluster. It is used to talk to
        #! the supervisor app via HTTPS.
        containerPort: 31243
        hostPort: 12344
        listenAddress: 127.0.0.1
      - protocol: TCP
        #! This same port number is hardcoded in the integration test setup
        #! when creating a Service on a kind cluster. It is used to talk to
        #! the Dex app.
        containerPort: 31235
        hostPort: 12346
        listenAddress: 127.0.0.1
    #@ if data.values.enable_audit_logs:
    #! mount the local file on the control plane
    #! NOTE(review): the source file lives under /tmp on the host. readOnly only
    #! prevents writes from inside the node container; it does not protect the
    #! host copy. Whatever creates this file should make sure other local users
    #! cannot replace it before the cluster starts - confirm in the calling script.
    #! containerPath must stay equal to audit-policy-file in the patch below.
    extraMounts:
      - hostPath: /tmp/metadata-audit-policy.yaml
        containerPath: /etc/kubernetes/policies/audit-policy.yaml
        readOnly: true
    #@ end
#! Apply these patches to all nodes.
kubeadmConfigPatches:
  - |
    kind: ClusterConfiguration
    apiServer:
      extraArgs:
        #! To make sure the endpoints on our service are correct (this mostly matters for kubectl based
        #! installs where kapp is not doing magic changes to the deployment and service selectors).
        #! Setting this field to true makes it so that the API service will do the service cluster IP
        #! to endpoint IP translations internally instead of relying on the network stack (i.e. kube-proxy).
        #! The logic inside the API server is very straightforward - randomly pick an IP from the list
        #! of available endpoints. This means that over time, all endpoints associated with the service
        #! are exercised. For whatever reason, leaving this as false (i.e. use kube-proxy) appears to
        #! hide some network misconfigurations when used internally by the API server aggregation layer.
        enable-aggregator-routing: "true"
  #@ if data.values.enable_audit_logs:
  #! Audit patch: points the API server at the policy file supplied through
  #! extraMounts above and writes the audit log under /var/log/kubernetes.
  #! The policy volume is mounted read-only; only the log volume is writable.
  #! NOTE(review): no audit-log-maxsize / audit-log-maxbackup / audit-log-maxage
  #! is set here, so log retention is left to the API server defaults - fine for
  #! a short-lived test cluster, confirm before reusing this for anything longer.
  - |
    kind: ClusterConfiguration
    apiServer:
      #! enable auditing flags on the API server
      extraArgs:
        audit-log-path: /var/log/kubernetes/kube-apiserver-audit.log
        audit-policy-file: /etc/kubernetes/policies/audit-policy.yaml
      #! mount new files / directories on the control plane
      extraVolumes:
        - name: audit-policies
          hostPath: /etc/kubernetes/policies
          mountPath: /etc/kubernetes/policies
          readOnly: true
          pathType: "DirectoryOrCreate"
        - name: "audit-logs"
          hostPath: "/var/log/kubernetes"
          mountPath: "/var/log/kubernetes"
          readOnly: false
          pathType: DirectoryOrCreate
  #@ end