k8s.io/kubernetes@v1.29.3/test/e2e/testing-manifests/auth/encrypt/kind.yaml (about)

     1  kind: Cluster
     2  apiVersion: kind.x-k8s.io/v1alpha4
     3  # this containerd config patch sets the registry to the local registry where we push mock kms provider
     4  containerdConfigPatches:
     5  - |-
     6    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
     7      endpoint = ["http://kind-registry:5000"]
     8  nodes:
     9  - role: control-plane
    10    extraMounts:
    11    - containerPath: /etc/kubernetes/encryption-config.yaml
    12      hostPath: test/e2e/testing-manifests/auth/encrypt/encryption-config.yaml
    13      readOnly: true
    14      propagation: None
    15    - containerPath: /etc/kubernetes/manifests/kubernetes-kms.yaml
    16      hostPath: staging/src/k8s.io/kms/internal/plugins/_mock/kms.yaml
    17      readOnly: true
    18      propagation: None
    19    - containerPath: /etc/softhsm-config.json
    20      hostPath: test/e2e/testing-manifests/auth/encrypt/softhsm-config.json
    21      readOnly: true
    22      propagation: None
    23    kubeadmConfigPatches:
    24      - |
    25        kind: ClusterConfiguration
    26        apiServer:
    27          extraArgs:
    28            encryption-provider-config: "/etc/kubernetes/encryption-config.yaml"
    29            feature-gates: "KMSv2=true"
    30            v: "5"
    31          extraVolumes:
    32          - name: encryption-config
    33            hostPath: "/etc/kubernetes/encryption-config.yaml"
    34            mountPath: "/etc/kubernetes/encryption-config.yaml"
    35            readOnly: true
    36            pathType: File
    37          - name: sock-path
    38            hostPath: "/tmp"
    39            mountPath: "/tmp"
    40        scheduler:
    41          extraArgs:
    42            v: "5"
    43        controllerManager:
    44          extraArgs:
    45            v: "5"
    46  - role: worker
    47  - role: worker
    48  - role: worker