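---
# kind cluster definition for a single control-plane node whose
# kube-apiserver reads its authorization config and audit policy from
# /cedar-authorizer and writes its audit log under the same directory.
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: cedar-cluster
# Must use kind >= v0.24.0 with K8s 1.31+
# for the following feature gates
featureGates:
  AuthorizeNodeWithSelectors: true
  AuthorizeWithSelectors: true
# The patch below is handed to kubeadm as text. Notes are kept out here so
# the patch body itself is unchanged:
# - authorization-config names the API server's authorizer configuration
#   file. Its contents are not part of this file; review it together with
#   this one, since it decides which authorizers are consulted.
# - audit-log-maxsize is in megabytes and audit-log-maxbackup is the number
#   of rotated files kept, so about 50 MB plus one backup is retained.
#   Older audit events are lost on rotation unless shipped elsewhere.
# - The extraVolumes entry sets no readOnly flag, so the mount is writable;
#   the audit log path requires that. The authorization config and audit
#   policy therefore sit on the same writable mount as the logs.
#   NOTE(review): consider a separate log directory so the config files
#   can be mounted read-only.
kubeadmConfigPatches:
  - |
    apiVersion: kubeadm.k8s.io/v1beta3
    kind: ClusterConfiguration
    apiServer:
      extraArgs:
        authorization-config: "/cedar-authorizer/authorization-config.yaml"
        audit-policy-file: "/cedar-authorizer/audit-policy.yaml"
        audit-log-path: "/cedar-authorizer/logs/kube-apiserver-audit.log"
        audit-log-maxsize: "50"
        audit-log-maxbackup: "1"
      extraVolumes:
        - hostPath: /cedar-authorizer
          mountPath: /cedar-authorizer
          name: api-server-cedar-authorizer-files
nodes:
  - role: control-plane
    # NOTE(review): ":latest" is a mutable tag, so a rebuilt image changes
    # what the control plane runs without any change to this file.
    # Presumably built locally by this project - confirm, and prefer a
    # fixed tag or digest where reproducibility matters.
    image: cedar-kind-node:latest
    extraMounts:
      # Host directory that backs /cedar-authorizer inside the node.
      # Anyone who can write to ./mount on the host can change the files
      # the API server loads from it; keep its permissions tight.
      # NOTE(review): relative path - confirm the directory kind is
      # expected to be run from.
      - hostPath: "./mount"
        containerPath: "/cedar-authorizer"
      # Placed in /etc/kubernetes/manifests, the kubelet's static pod
      # directory in kubeadm clusters, so the kubelet starts the webhook
      # itself rather than the scheduler.
      - hostPath: "./manifests/cedar-authorization-webhook.yaml"
        containerPath: "/etc/kubernetes/manifests/cedar-authorization-webhook.yaml"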