Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha4
kubeadmConfigPatches:
- |
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
evictionHard:
nodefs.available: "0%"
- |
kind: ClusterConfiguration
metadata:
name: config
apiServer:
extraArgs:
"feature-gates": "TokenRequest=true"
"service-account-key-file": "/etc/kubernetes/sa-keys/sa-signer-pkcs8.pub"
"service-account-signing-key-file" : "/etc/kubernetes/sa-keys/sa-signer.key"
"api-audiences" : "my.audience.com"
"service-account-issuer" : "https://my.issuer.com"
extraVolumes:
- name: sa-keys
hostPath: "/etc/kubernetes/sa-keys"
mountPath: "/etc/kubernetes/sa-keys"
readOnly: true
# patch it further using a JSON 6902 patch
kubeadmConfigPatchesJSON6902:
- group: kubeadm.k8s.io
version: v1beta2
kind: ClusterConfiguration
patch: |
- op: add
path: /apiServer/certSANs/-
value: my-hostname
nodes:
- role: control-plane
extraMounts:
- containerPath: /etc/kubernetes/sa-keys
hostPath: /tmp/sa-keys
readOnly: true
- role: worker
- role: worker
- role: worker
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment