kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
# this containerd config patch sets the registry to the local registry where we push mock kms provider
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
endpoint = ["http://kind-registry:5000"]
nodes:
- role: control-plane
extraMounts:
- containerPath: /etc/kubernetes/encryption-config.yaml
hostPath: test/e2e/testing-manifests/auth/encrypt/encryption-config.yaml
readOnly: true
propagation: None
- containerPath: /etc/kubernetes/manifests/kubernetes-kms.yaml
hostPath: staging/src/k8s.io/kms/internal/plugins/_mock/kms.yaml
readOnly: true
propagation: None
- containerPath: /etc/softhsm-config.json
hostPath: test/e2e/testing-manifests/auth/encrypt/softhsm-config.json
readOnly: true
propagation: None
kubeadmConfigPatches:
- |
kind: ClusterConfiguration
apiServer:
extraArgs:
encryption-provider-config: "/etc/kubernetes/encryption-config.yaml"
v: "5"
extraVolumes:
- name: encryption-config
hostPath: "/etc/kubernetes/encryption-config.yaml"
mountPath: "/etc/kubernetes/encryption-config.yaml"
readOnly: true
pathType: File
- name: sock-path
hostPath: "/tmp"
mountPath: "/tmp"
scheduler:
extraArgs:
v: "5"
controllerManager:
extraArgs:
v: "5"
- role: worker
- role: worker
- role: worker