forked from gocardless/theatre
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkind-e2e.yaml
34 lines (34 loc) · 1.24 KB
/
kind-e2e.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# We need to configure the networking of our kind cluster in order to expose the
# api server to containers running within Kind. Without explicitly listining on
# 0.0.0.0, any pod attempting to communicate with the api-server will resolve a
# https://localhost:<port> address, which won't be the same interface as the
# control-plane host.
#
# Our vault acceptance tests require api-server access for token reviews.
---
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
apiServerAddress: 0.0.0.0
apiServerPort: 19090
nodes:
- role: control-plane
extraPortMappings:
# Expose the Vault service, so we can talk to it locally
- containerPort: 32000
hostPort: 8200
protocol: tcp
kubeadmConfigPatches:
# Enable projected service account keys, as per:
# https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
- |
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
metadata:
name: config
apiServer:
extraArgs:
service-account-issuer: api
service-account-signing-key-file: /etc/kubernetes/pki/sa.key
service-account-key-file: /etc/kubernetes/pki/sa.pub
service-account-api-audiences: api