diff --git a/Makefile b/Makefile
index c5ce561..3a1ae7f 100644
--- a/Makefile
+++ b/Makefile
@@ -41,9 +41,9 @@ $(HELM):
 .PHONY: kind-create-cluster
 kind-create-cluster: $(KIND) ## Create kind cluster
 @echo Create kind cluster... >&2
- @$(KIND) create cluster --name $(KIND_NAME) --image $(KIND_IMAGE) --config ./scripts/config/kind/$(KIND_CONFIG).yaml
+ @$(KIND) create cluster --name $(KIND_NAME) --image $(KIND_IMAGE) --config ./config/kind/default.yaml
 .PHONY: kind-install-kyverno
 kind-install-kyverno: $(HELM) helm-update-repo ## Install kyverno helm chart
 @echo Install kyverno chart... >&2
- @$(HELM) upgrade --install kyverno --namespace kyverno --create-namespace --wait kyverno/kyverno --devel --values ./configs/standard/kyverno.yaml
\ No newline at end of file
+ @$(HELM) upgrade --install kyverno --namespace kyverno --create-namespace --wait kyverno/kyverno --devel --values ./configs/kyverno/kyverno.yaml
\ No newline at end of file
diff --git a/configs/kind/default.yaml b/configs/kind/default.yaml
new file mode 100644
index 0000000..9438061
--- /dev/null
+++ b/configs/kind/default.yaml
@@ -0,0 +1,36 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+kubeadmConfigPatches:
+ - |-
+ kind: ClusterConfiguration
+ controllerManager:
+ extraArgs:
+ bind-address: 0.0.0.0
+ etcd:
+ local:
+ extraArgs:
+ listen-metrics-urls: http://0.0.0.0:2382
+ scheduler:
+ extraArgs:
+ bind-address: 0.0.0.0
+ - |-
+ kind: KubeProxyConfiguration
+ metricsBindAddress: 0.0.0.0
+nodes:
+ - role: control-plane
+ kubeadmConfigPatches:
+ - |-
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraPortMappings:
+ - containerPort: 80
+ hostPort: 80
+ protocol: TCP
+ - containerPort: 443
+ hostPort: 443
+ protocol: TCP
+ - role: worker
+ - role: worker
+ - role: worker
diff --git a/configs/kind/tracing.yaml b/configs/kind/tracing.yaml
new file mode 100644
index 0000000..598a1af
--- /dev/null
+++ b/configs/kind/tracing.yaml
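Review bot: In Makefile, the new `kind-create-cluster` recipe passes `--config ./config/kind/default.yaml`, but this commit adds the file as `configs/kind/default.yaml` (plural), so as written the target points at a path the diff does not create. Hard-coding `default` also drops the `$(KIND_CONFIG)` selector, which leaves the new `tracing.yaml` and `vap-*.yaml` configs unreachable from make; `--config ./configs/kind/$(KIND_CONFIG).yaml` would keep both, assuming `KIND_CONFIG` is still defined above the hunk. The `--values ./configs/kyverno/kyverno.yaml` file used by `kind-install-kyverno` is not added anywhere in this diff, so confirm it exists in the tree before merging.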
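Review bot: In configs/kind/default.yaml, both `extraPortMappings` entries omit `listenAddress`, which kind defaults to `0.0.0.0`, so host ports 80 and 443 are published on every interface of the developer's machine rather than on loopback only. Adding `listenAddress: "127.0.0.1"` under each mapping keeps the ingress of a throwaway cluster off the local network. The same file binds the controller-manager, scheduler and kube-proxy metrics to `0.0.0.0` and serves etcd metrics over plain HTTP on `0.0.0.0:2382`; that is presumably for in-cluster scraping, so a comment such as `# dev-only: metrics exposed on all node interfaces for scraping; do not reuse outside kind` would stop it being copied into a real cluster config. Both points apply unchanged to tracing.yaml, vap-v1alpha1.yaml and vap-v1beta1.yaml.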
@@ -0,0 +1,56 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+kubeadmConfigPatches:
+ - |-
+ kind: ClusterConfiguration
+ apiServer:
+ extraVolumes:
+ - name: tracing-configuration
+ hostPath: /opt/kube-apiserver/tracing-configuration.yaml
+ mountPath: /opt/kube-apiserver/tracing-configuration.yaml
+ readOnly: true
+ pathType: File
+ extraArgs:
+ tracing-config-file: /opt/kube-apiserver/tracing-configuration.yaml
+ controllerManager:
+ extraArgs:
+ bind-address: 0.0.0.0
+ etcd:
+ local:
+ extraArgs:
+ listen-metrics-urls: http://0.0.0.0:2382
+ scheduler:
+ extraArgs:
+ bind-address: 0.0.0.0
+ - |-
+ kind: KubeProxyConfiguration
+ metricsBindAddress: 0.0.0.0
+ - |-
+ kind: KubeletConfiguration
+ featureGates:
+ KubeletTracing: true
+ tracing:
+ endpoint: localhost:4317
+ samplingRatePerMillion: 1000000
+nodes:
+ - role: control-plane
+ kubeadmConfigPatches:
+ - |-
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraMounts:
+ - hostPath: ./scripts/config/kube-apiserver/tracing-configuration.yaml
+ containerPath: /opt/kube-apiserver/tracing-configuration.yaml
+ readOnly: true
+ extraPortMappings:
+ - containerPort: 80
+ hostPort: 80
+ protocol: TCP
+ - containerPort: 443
+ hostPort: 443
+ protocol: TCP
+ - role: worker
+ - role: worker
+ - role: worker
diff --git a/configs/kind/vap-v1alpha1.yaml b/configs/kind/vap-v1alpha1.yaml
new file mode 100644
index 0000000..b6d1c2a
--- /dev/null
+++ b/configs/kind/vap-v1alpha1.yaml
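Review bot: In configs/kind/tracing.yaml, the `extraMounts` entry still uses `hostPath: ./scripts/config/kube-apiserver/tracing-configuration.yaml`, a relative path under the `scripts/config` tree that this commit appears to be moving away from, and nothing in the diff adds or relocates that file. A relative hostPath depends on the directory kind is launched from (as far as I know kind resolves it against the working directory), and if the file is absent the container runtime may create a directory in its place, which the `pathType: File` API-server volume would then reject. Point it at the file's actual location and add a comment that the cluster must be created from the repository root. `samplingRatePerMillion: 1000000` traces every kubelet request and deserves a `# 100% sampling, dev only` comment.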
@@ -0,0 +1,40 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+featureGates:
+ ValidatingAdmissionPolicy: true
+runtimeConfig:
+ admissionregistration.k8s.io/v1alpha1: true
+kubeadmConfigPatches:
+ - |-
+ kind: ClusterConfiguration
+ controllerManager:
+ extraArgs:
+ bind-address: 0.0.0.0
+ etcd:
+ local:
+ extraArgs:
+ listen-metrics-urls: http://0.0.0.0:2382
+ scheduler:
+ extraArgs:
+ bind-address: 0.0.0.0
+ - |-
+ kind: KubeProxyConfiguration
+ metricsBindAddress: 0.0.0.0
+nodes:
+ - role: control-plane
+ kubeadmConfigPatches:
+ - |-
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraPortMappings:
+ - containerPort: 80
+ hostPort: 80
+ protocol: TCP
+ - containerPort: 443
+ hostPort: 443
+ protocol: TCP
+ - role: worker
+ - role: worker
+ - role: worker
diff --git a/configs/kind/vap-v1beta1.yaml b/configs/kind/vap-v1beta1.yaml
new file mode 100644
index 0000000..8b9b433
--- /dev/null
+++ b/configs/kind/vap-v1beta1.yaml
@@ -0,0 +1,41 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+featureGates:
+ ValidatingAdmissionPolicy: true
+runtimeConfig:
+ admissionregistration.k8s.io/v1beta1: true
+ admissionregistration.k8s.io/v1alpha1: true
+kubeadmConfigPatches:
+ - |-
+ kind: ClusterConfiguration
+ controllerManager:
+ extraArgs:
+ bind-address: 0.0.0.0
+ etcd:
+ local:
+ extraArgs:
+ listen-metrics-urls: http://0.0.0.0:2382
+ scheduler:
+ extraArgs:
+ bind-address: 0.0.0.0
+ - |-
+ kind: KubeProxyConfiguration
+ metricsBindAddress: 0.0.0.0
+nodes:
+ - role: control-plane
+ kubeadmConfigPatches:
+ - |-
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraPortMappings:
+ - containerPort: 80
+ hostPort: 80
+ protocol: TCP
+ - containerPort: 443
+ hostPort: 443
+ protocol: TCP
+ - role: worker
+ - role: worker
+ - role: worker
diff --git a/configs/standard/values.yaml b/configs/standard/values.yaml
deleted file mode 100644
index cd9d7a1..0000000
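Review bot: configs/kind/vap-v1alpha1.yaml and configs/kind/vap-v1beta1.yaml give no indication of which node image they are meant for, although the `ValidatingAdmissionPolicy` gate and the `admissionregistration.k8s.io/v1alpha1` / `v1beta1` runtime config are only accepted by some Kubernetes versions and the Makefile takes the image from `$(KIND_IMAGE)` independently. A header comment in each file, e.g. `# for KIND_IMAGE versions <VERSION_RANGE> where ValidatingAdmissionPolicy is still feature-gated`, would make a mismatched pair easier to diagnose. It is also worth stating in vap-v1beta1.yaml why `v1alpha1` stays enabled alongside `v1beta1`.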
--- a/configs/standard/values.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-features:
- admissionReports:
- enabled: false
- omitEvents:
- eventTypes:
- - PolicyViolation
- - PolicyApplied
- - PolicyError
- - PolicySkipped
-
-admissionController:
-
- serviceMonitor:
- enabled: true
-
- container:
- image:
- tag: release-1.11
-
- resources:
- limits:
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
-
-reportsController:
- serviceMonitor:
- enabled: true
-
- container:
- image:
- tag: release-1.11
-
- resources:
- limits:
- memory: 10Gi
- requests:
- cpu: 1
- memory: 1Gi
\ No newline at end of file