142 lines
		
	
	
		
			3.6 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			142 lines
		
	
	
		
			3.6 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| 
 | |
| source .utils
 | |
| 
 | |
| NAME=""
 | |
| VERSION="1.34.0@sha256:7416a61b42b1662ca6ca89f02028ac133a309a2a30ba309614e8ec94d976dc5a"
 | |
| NODES="2"
 | |
| FEATURE_GATES="MutatingAdmissionPolicy"
 | |
| RUNTIME_CONFIG="admissionregistration.k8s.io/v1alpha1"
 | |
| AUDIT_POLICY=""
 | |
| 
 | |
| print_usage() {
 | |
|   orange "kind-create-cluster - create a Kind cluster"
 | |
|   echo " "
 | |
|   underline "Usage:"
 | |
|   echo "kind-create-cluster [cluster-name]"
 | |
|   echo " "
 | |
|   echo " "
 | |
|   underline "Options:"
 | |
|   echo "-h, --help            show this help text"
 | |
|   echo "-v, --version         the version of kubernetes to use (default: ${VERSION})"
 | |
|   echo "-n, --nodes           the number of worker nodes (default: ${NODES})"
 | |
|   echo "-f, --feature-gates   a comma seperated list of feature-gates to enable (default: ${FEATURE_GATES})"
 | |
|   echo "-r, --runtime-config  a comma seperated list of API versions to enable (default: ${RUNTIME_CONFIG})"
 | |
|   echo "    --audit-policy    a file containing the audit policy config"
 | |
| }
 | |
| 
 | |
| while test $# -gt 0; do
 | |
|   case "$1" in
 | |
|     -n|--nodes)
 | |
|       shift
 | |
|       NODES=$1
 | |
|       shift
 | |
|       ;;
 | |
|     -v|--version)
 | |
|       shift
 | |
|       VERSION=$1
 | |
|       shift
 | |
|       ;;
 | |
|     -f|--feature-gates)
 | |
|       shift
 | |
|       FEATURE_GATES=$1
 | |
|       shift
 | |
|       ;;
 | |
|     -r|--runtime-config)
 | |
|       shift
 | |
|       RUNTIME_CONFIG=$1
 | |
|       shift
 | |
|       ;;
 | |
|     --audit-policy)
 | |
|       shift
 | |
|       AUDIT_POLICY=$1
 | |
|       shift
 | |
|       ;;
 | |
|     -h|--help)
 | |
|       print_usage
 | |
|       exit 0
 | |
|       ;;
 | |
|     *)
 | |
|       break
 | |
|       ;;
 | |
|   esac
 | |
| done
 | |
| 
 | |
| # Positional args
 | |
| NAME=${1:-$(LC_ALL=C tr -dc a-z </dev/urandom | head -c 10)}
 | |
| 
 | |
| function node() {
 | |
|   TYPE=$1
 | |
|   COUNT=$2
 | |
|   for ((i = 1 ; i <= $COUNT ; i++)); do
 | |
|     echo "- role: ${TYPE}"
 | |
|     echo "  image: kindest/node:${VERSION}"
 | |
|     if [[ "${AUDIT_POLICY}" != "" ]]; then
 | |
|       if [[ "${TYPE}" == "control-plane" ]]; then
 | |
|         echo "  kubeadmConfigPatches:"
 | |
|         echo "  - |"
 | |
|         echo "    kind: ClusterConfiguration"
 | |
|         echo "    apiServer:"
 | |
|         echo "        extraArgs:"
 | |
|         echo "          audit-log-path: /var/log/kubernetes/kube-apiserver-audit.log"
 | |
|         echo "          audit-policy-file: /etc/kubernetes/policies/audit-policy.yaml"
 | |
|         echo "        extraVolumes:"
 | |
|         echo "          - name: audit-policies"
 | |
|         echo "            hostPath: /etc/kubernetes/policies"
 | |
|         echo "            mountPath: /etc/kubernetes/policies"
 | |
|         echo "            readOnly: true"
 | |
|         echo "            pathType: "DirectoryOrCreate""
 | |
|         echo "          - name: "audit-logs""
 | |
|         echo "            hostPath: "/var/log/kubernetes""
 | |
|         echo "            mountPath: "/var/log/kubernetes""
 | |
|         echo "            readOnly: false"
 | |
|         echo "            pathType: DirectoryOrCreate"
 | |
|         echo "  extraMounts:"
 | |
|         echo "  - hostPath: ${AUDIT_POLICY}"
 | |
|         echo "    containerPath: /etc/kubernetes/policies/audit-policy.yaml"
 | |
|         echo "    readOnly: true"
 | |
|       fi
 | |
|     fi
 | |
|   done
 | |
| }
 | |
| 
 | |
| function feature-gates() {
 | |
|   if [[ "${FEATURE_GATES}" != "" ]]; then
 | |
|     echo "featureGates:"
 | |
|     FEATURES=(${FEATURE_GATES//,/ })
 | |
|     for f in "${FEATURES[@]}"; do
 | |
|       echo "  \"${f}\": true"
 | |
|     done
 | |
|   fi
 | |
| }
 | |
| 
 | |
| function runtime-config() {
 | |
|   if [[ "${RUNTIME_CONFIG}" != "" ]]; then
 | |
|     echo "runtimeConfig:"
 | |
|     RUNTIME=(${RUNTIME_CONFIG//,/ })
 | |
|     for f in "${RUNTIME[@]}"; do
 | |
|       echo "  \"${f}\": true"
 | |
|     done
 | |
|   fi
 | |
| }
 | |
| 
 | |
| CONFIG="kind: Cluster
 | |
| apiVersion: kind.x-k8s.io/v1alpha4
 | |
| name: ${NAME}
 | |
| nodes:
 | |
| $(node "control-plane" 1)
 | |
| $(node "worker" $NODES)
 | |
| $(feature-gates)
 | |
| $(runtime-config)
 | |
| "
 | |
| 
 | |
| CONFIG_FILE=`mktemp`
 | |
| 
 | |
| echo "${CONFIG}" > ${CONFIG_FILE}
 | |
| 
 | |
| cat ${CONFIG_FILE}
 | |
| 
 | |
| kind create cluster --config ${CONFIG_FILE}
 | |
| 
 | |
| kind get kubeconfig --name ${NAME} > ~/.kube/clusters/kind.yaml
 |