pkg/executables/config/kind.yaml (78 lines of code) (raw):
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
podSubnet: {{ .PodSubnet }}
serviceSubnet: {{ .ServiceSubnet }}
kubeadmConfigPatches:
- |
kind: ClusterConfiguration
dns:
type: CoreDNS
imageRepository: {{.CorednsRepository}}
imageTag: {{.CorednsVersion}}
etcd:
local:
imageRepository: {{.EtcdRepository}}
imageTag: {{.EtcdVersion}}
imageRepository: {{.KubernetesRepository}}
kubernetesVersion: {{.KubernetesVersion}}
apiServer:
# enable auditing flags on the API server
extraArgs:
audit-log-maxage: "30"
audit-log-maxbackup: "10"
audit-log-maxsize: "512"
audit-log-path: /var/log/kubernetes/api-audit.log
audit-policy-file: /etc/kubernetes/policies/audit-policy.yaml
# mount new files / directories on the control plane
extraVolumes:
- name: audit-policies
hostPath: /etc/kubernetes/policies
mountPath: /etc/kubernetes/policies
readOnly: true
pathType: DirectoryOrCreate
- name: audit-logs
hostPath: /var/log/kubernetes
mountPath: /var/log/kubernetes
readOnly: false
pathType: DirectoryOrCreate
{{- if .RegistryMirrorMap }}
containerdConfigPatches:
- |
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
{{- range $orig, $mirror := .RegistryMirrorMap }}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ $orig }}"]
endpoint = ["https://{{ $mirror }}"]
{{- end }}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .MirrorBase }}".tls]
{{- if (eq .RegistryCACertPath "") }}
insecure_skip_verify = true
{{- else }}
ca_file = "/etc/containerd/certs.d/{{ .MirrorBase }}/ca.crt"
{{- end }}
{{- if .RegistryAuth }}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .MirrorBase }}".auth]
username = "{{.RegistryUsername}}"
password = "{{.RegistryPassword}}"
{{- end }}
{{- end }}
nodes:
- role: control-plane
extraMounts:
- hostPath: {{ .AuditPolicyPath }}
containerPath: /etc/kubernetes/policies/audit-policy.yaml
readOnly: true
{{- if (ne .RegistryCACertPath "") }}
- containerPath: /etc/containerd/certs.d
hostPath: {{.RegistryCACertPath}}
readOnly: true
{{- end }}
{{- if .DockerExtraMounts }}
- hostPath: /var/run/docker.sock
containerPath: /var/run/docker.sock
{{- end }}
{{- if ne (len .ExtraPortMappings) 0 }}
extraPortMappings:
{{- range .ExtraPortMappings }}
- containerPort: {{ . }}
hostPort: {{ . }}
{{- end }}
{{- end }}