Kind - Quickstart with Ingress Controller and more…
Helper to create a realistic Kubernetes in docker (kind) cluster.
Requirements
Features
- Ingress support with traefik
- Auto SSL certificates with cert-manager
- OIDC (optional)
- DockerHub proxy (optional) to avoid hitting the pull rate limit.
- Custom CNI (canal or calico) for NetworkPolicy support (optional).
- RWX PersistentVolume with `extraMounts` (`/var/devbox`).
Parameters
The `kind/quickstart.sh` script supports the following environment variables:
| Name | Description | Default value |
|---|---|---|
| KIND_CLUSTER_NAME | The name of the kind cluster | devbox |
| KIND_WORKER_COUNT | The number of worker nodes | 3 |
| KIND_CNI | Customize the CNI using "default", "calico" or "canal" (note that "default" does not support NetworkPolicies) | default |
| KIND_ADMISSION_PLUGINS | Customize the admission plugins enabled on the API server | NodeRestriction,ResourceQuota |
| DEVBOX_INGRESS (1) | Ingress controller to install (traefik) | traefik |
| KIND_INGRESS_READY | Controls the extraPortMappings on ports 80 and 443 (can be used to disable them) | 1 |
| DOCKERHUB_PROXY | Mirror to use for DockerHub (e.g. https://mirror.gcr.io from Google) | "" |
| KIND_OIDC_ISSUER_URL (2) | URL of the OIDC provider (e.g. https://keycloak.example.com/realms/master); if empty, OIDC is disabled | "" |
| KIND_OIDC_CLIENT_ID | Required value used to check the audience of the OIDC token | "kubernetes" |
| KIND_OIDC_USERNAME_CLAIM | Name of the claim in the OIDC token to use as the username | "email" |
| KIND_OIDC_USERNAME_PREFIX | Prefix added to the username taken from the OIDC token | "odic:" |
| KIND_OIDC_GROUPS_PREFIX | Prefix added to the group names taken from the OIDC token | "odic:" |
(1) Note that `k8s-install.sh` must use the same value.

(2) Do not add a trailing "/" (`${KIND_OIDC_ISSUER_URL}/.well-known/openid-configuration` must exist).
Usage
```bash
# Delete cluster if exists
kind delete clusters devbox
# Create kind cluster and deploy
bash kind/quickstart.sh
```
How it works?
The `kind/config/generate.sh` script generates the kind configuration and supports the following options:
```bash
# Number of worker nodes
export KIND_WORKER_COUNT=5
# enable OIDC auth on Kubernetes API
export KIND_OIDC_ISSUER_URL=https://keycloak.quadtreeworld.net/realms/master
# IMPORTANT : Use a mirror for DockerHub (ex : mirror.gcr.io from Google)
# see also : https://docs.docker.com/docker-hub/image-library/mirror/#run-a-registry-as-a-pull-through-cache
export DOCKERHUB_PROXY=https://mirror.gcr.io
# Install custom CNI (required for NetworkPolicies)
# default, calico or canal
export KIND_CNI=calico
# Generate config to create kind cluster
bash kind/config/generate.sh
```
Note that:

- `extraPortMappings` is configured to allow the deployment of an ingress controller on the master node (like `config/ingress-ready.yaml`).
- `extraMounts` of `/var/devbox` on `/devbox` allows RWX PV creation (see PV and PVC in `docs/nginx-rwx.yml`).
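To make the generation step concrete, here is an added example (written for this page, not the project's own `kind/config/generate.sh`) that renders a kind cluster config from the same environment variables listed in the table: worker count, CNI, admission plugins, DockerHub mirror, ingress port mappings and the OIDC API server flags, including the note (2) check that the issuer URL carries no trailing "/". The following details are assumptions, not stated on the page: `/var/devbox` on the host is mounted at `/devbox` inside the nodes, the control-plane node gets the `ingress-ready=true` label that kind's ingress documentation uses, and the OIDC prefixes default to `oidc:`.

```shell
#!/usr/bin/env bash
# Added example, not the project's kind/config/generate.sh: render a kind
# cluster config from the environment variables the README documents.
# Assumed (not on the page): /var/devbox is mounted at /devbox in the nodes,
# the control-plane node is labelled ingress-ready=true, OIDC prefixes
# default to "oidc:".
set -eu

# Note (2) of the README: the issuer URL must not end with "/".
normalize_issuer_url() {
  printf '%s' "${1%/}"
}

# Discovery document kube-apiserver fetches when OIDC is enabled.
oidc_discovery_url() {
  printf '%s/.well-known/openid-configuration' "$(normalize_issuer_url "$1")"
}

# Reachability check for that document (needs network, so not run here).
check_oidc_discovery() {
  curl -fsS -o /dev/null "$(oidc_discovery_url "$1")"
}

# kube-apiserver OIDC flags as kubeadm extraArgs; prints nothing when
# KIND_OIDC_ISSUER_URL is empty, which disables OIDC.
oidc_extra_args() {
  local issuer="${KIND_OIDC_ISSUER_URL:-}"
  [ -n "$issuer" ] || return 0
  issuer="$(normalize_issuer_url "$issuer")"
  cat <<EOF
        oidc-issuer-url: "${issuer}"
        oidc-client-id: "${KIND_OIDC_CLIENT_ID:-kubernetes}"
        oidc-username-claim: "${KIND_OIDC_USERNAME_CLAIM:-email}"
        oidc-username-prefix: "${KIND_OIDC_USERNAME_PREFIX:-oidc:}"
        oidc-groups-prefix: "${KIND_OIDC_GROUPS_PREFIX:-oidc:}"
EOF
}

generate_kind_config() {
  local workers="${KIND_WORKER_COUNT:-3}"
  local cni="${KIND_CNI:-default}"
  local plugins="${KIND_ADMISSION_PLUGINS:-NodeRestriction,ResourceQuota}"
  local ingress_ready="${KIND_INGRESS_READY:-1}"
  local mirror="${DOCKERHUB_PROXY:-}"
  local disable_cni=false
  # calico/canal replace kindnet, so kind must skip its default CNI
  [ "$cni" = default ] || disable_cni=true

  cat <<EOF
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  disableDefaultCNI: ${disable_cni}
EOF
  if [ -n "$mirror" ]; then
    # containerd pull-through mirror for docker.io (DOCKERHUB_PROXY)
    cat <<EOF
containerdConfigPatches:
- |-
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["${mirror}"]
EOF
  fi
  cat <<EOF
nodes:
- role: control-plane
  kubeadmConfigPatches:
  - |
    kind: ClusterConfiguration
    apiServer:
      extraArgs:
        enable-admission-plugins: "${plugins}"
EOF
  oidc_extra_args
  if [ "$ingress_ready" = 1 ]; then
    # host ports 80/443 reach the ingress controller on the control-plane node
    cat <<'EOF'
  - |
    kind: InitConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        node-labels: "ingress-ready=true"
  extraPortMappings:
  - containerPort: 80
    hostPort: 80
    protocol: TCP
  - containerPort: 443
    hostPort: 443
    protocol: TCP
EOF
  fi
  cat <<'EOF'
  extraMounts:
  - hostPath: /var/devbox
    containerPath: /devbox
EOF
  local i=0
  while [ "$i" -lt "$workers" ]; do
    printf '%s\n' '- role: worker'
    i=$((i + 1))
  done
}

# Stand-alone use: print the config for the current environment.
generate_kind_config
```

Run it with the same exports shown above and pipe the output to `kind create cluster --config -`; with `KIND_OIDC_ISSUER_URL` unset the API server keeps its default authentication, and with `KIND_CNI=calico` or `canal` kind installs no CNI, so the NetworkPolicy-capable one has to be applied afterwards, as the quickstart does.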