-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkind.yml
executable file
·74 lines (74 loc) · 2.85 KB
/
kind.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: kubernetes-stack
featureGates:
# Kubernetes 1.31 - Alpha
# https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
ImageVolume: true
nodes:
- role: control-plane
image: kindest/node:v1.32.0
# Need By Falco : https://gist.github.com/Issif/e17c9294b4e1a76a274db387fe58343c
extraMounts:
# Allow Falco to use devices provided by the kernel module
- hostPath: /dev
containerPath: /dev
# allow Falco to use the Docker unix socket
- hostPath: /var/run/docker.sock
containerPath: /var/run/docker.sock
# mount config files for kind
- hostPath: security/falco/k8s-audit-config/webhook-config.yaml
containerPath: /etc/kubernetes/policies/webhook-config.yaml
readOnly: true
- hostPath: security/falco/k8s-audit-config/audit-policy.yaml
containerPath: /etc/kubernetes/policies/audit-policy.yaml
readOnly: true
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true,kourier-ready=true,gateway-ready=true"
# Need By Falco : https://gist.github.com/Issif/e17c9294b4e1a76a274db387fe58343c
- |
kind: ClusterConfiguration
apiServer:
# enable auditing flags on the API server
extraArgs:
audit-webhook-config-file: /etc/kubernetes/policies/webhook-config.yaml
audit-policy-file: /etc/kubernetes/policies/audit-policy.yaml
# mount new files / directories on the control plane
extraVolumes:
- name: audit-policies
hostPath: /etc/kubernetes/policies
mountPath: /etc/kubernetes/policies
readOnly: true
pathType: "DirectoryOrCreate"
extraPortMappings:
# Nginx : expose port 80 (HostPort) of the node on which Nginx is deployed, to port 80 on the host (DevContainer).
- containerPort: 80
hostPort: 80
protocol: TCP
# Knative : expose port 31080 (NodePort) of all k8s nodes, to port 8080 on the host (DevContainer), later to be use by kourier.
- containerPort: 31080
hostPort: 8080
protocol: TCP
# Nginx Gateway Fabric : expose port 30080 (NodePort) of all k8s nodes, to port 9080 on the host (DevContainer), later to be use by kourier.
- containerPort: 30080
hostPort: 9080
protocol: TCP
# Knative : expose port 31443 (NodePort) of all k8s nodes, to port 8443 on the host (DevContainer), later to be use by kourier.
- containerPort: 31443
hostPort: 8443
protocol: TCP
# Nginx Gateway Fabric : expose port 30443 (NodePort) of all k8s nodes, to port 9443 on the host (DevContainer), later to be use by kourier.
- containerPort: 30443
hostPort: 9443
protocol: TCP
- containerPort: 443
hostPort: 443
protocol: TCP
- role: worker
image: kindest/node:v1.32.0
- role: worker
image: kindest/node:v1.32.0