kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane extraPortMappings: - protocol: TCP # This same port number is hardcoded in the integration test setup # when creating a Service on a kind cluster. It is used to talk to # the supervisor app via HTTPS. containerPort: 31243 hostPort: 12344 listenAddress: 127.0.0.1 - protocol: TCP # This same port number is hardcoded in the integration test setup # when creating a Service on a kind cluster. It is used to talk to # the Dex app. containerPort: 31235 hostPort: 12346 listenAddress: 127.0.0.1 # Kind v0.12.0 ignores kubeadm.k8s.io/v1beta2 for Kube v1.23+ but uses it for older versions of Kube. # Previous versions of Kind would use kubeadm.k8s.io/v1beta2 for all versions of Kube including 1.23. # To try to maximize compatibility with various versions of Kind and Kube, define this # ClusterConfiguration twice and hope that Kind will use the one that it likes for the given version # of Kube, and ignore the one that it doesn't like. This seems to work, at least for Kind v0.12.0. kubeadmConfigPatches: - | apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration apiServer: extraArgs: # To make sure the endpoints on our service are correct (this mostly matters for kubectl based # installs where kapp is not doing magic changes to the deployment and service selectors). # Setting this field to true makes it so that the API service will do the service cluster IP # to endpoint IP translations internally instead of relying on the network stack (i.e. kube-proxy). # The logic inside the API server is very straightforward - randomly pick an IP from the list # of available endpoints. This means that over time, all endpoints associated with the service # are exercised. For whatever reason, leaving this as false (i.e. use kube-proxy) appears to # hide some network misconfigurations when used internally by the API server aggregation layer. enable-aggregator-routing: "true" - | apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration apiServer: extraArgs: # See comment above. enable-aggregator-routing: "true"