This repository has been archived by the owner on Dec 13, 2023. It is now read-only.
multinodecluster-with-auditlog_konnectivity.yaml
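# three node (two workers) cluster config
#
# kind cluster whose API server writes an audit log, routes egress through
# konnectivity and accepts static bearer tokens. The control-plane node
# shares three directories with the host read-write (see `nodes` below).
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
kubeadmConfigPatches:
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: ClusterConfiguration
    metadata:
      name: config
    apiServer:
      extraArgs:
        # Audit policy and log location. No audit-log-max* rotation flags are
        # set in this file, so any rotation has to happen outside of it.
        audit-policy-file: /etc/kubernetes/audit/audit-policy.yaml
        audit-log-path: /auditlog/audit.log
        egress-selector-config-file: /etc/kubernetes/konnectivity/egress-selector-configuration.yaml
        # Issuer and signing key used for service account tokens.
        service-account-issuer: kubernetes.default.svc
        service-account-signing-key-file: /etc/kubernetes/pki/sa.key
        # Static token authentication: the tokens in this CSV are stored in
        # clear text, do not expire, and are only re-read when the API server
        # restarts. Treat the file as a credential and keep it out of version
        # control.
        token-auth-file: /etc/kubernetes/konnectivity/known_tokens.csv
      extraVolumes:
        # Egress selector configuration and known_tokens.csv, read-only
        # inside the API server pod.
        - name: konnectivity
          pathType: Directory
          readOnly: true
          hostPath: /etc/kubernetes/konnectivity
          mountPath: /etc/kubernetes/konnectivity
        # - name: pki
        #   pathType: Directory
        #   readOnly: true
        #   hostPath: /etc/kubernetes/pki
        #   mountPath: /etc/kubernetes/pki
        # Writable directory shared with the konnectivity server
        # (presumably for its Unix domain socket, going by the name).
        - name: konnectivity-uds
          pathType: Directory
          readOnly: false
          hostPath: /etc/srv/kubernetes/konnectivity-server
          mountPath: /etc/srv/kubernetes/konnectivity-server
        - name: auditpolicy
          pathType: File
          readOnly: true
          hostPath: /etc/kubernetes/audit/audit-policy.yaml
          mountPath: /etc/kubernetes/audit/audit-policy.yaml
        - name: auditlog
          # Mounting just the file caused a problem with log rotation.
          # For the real apiserver in the gardener environment this needs to
          # be an emptyDir mount. We'll do that by patching the manifest and
          # leaving the volume out of the kind config.
          pathType: Directory
          readOnly: false
          hostPath: /var/log/audit
          mountPath: /auditlog
nodes:
  - role: control-plane
    # The hostPath values below are relative (presumably resolved against
    # the directory kind is started from; verify). All three are mounted
    # read-write, so whatever the node writes there ends up on the host.
    extraMounts:
      - containerPath: /etc/srv/kubernetes/konnectivity-server
        hostPath: konnectivity-uds/
        readOnly: false
      # Covers all of /etc/kubernetes/ on the node, which includes
      # pki/sa.key and konnectivity/known_tokens.csv referenced above.
      # Restrict permissions on kind-etc-kubernetes/ and do not commit it.
      - containerPath: /etc/kubernetes/
        hostPath: kind-etc-kubernetes/
        readOnly: false
      # Audit events can carry request details depending on the audit
      # policy; limit who can read auditlog/ on the host.
      - containerPath: /var/log/audit
        hostPath: auditlog/
        readOnly: false
  - role: worker
  - role: worker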