# This configs KinD to spin up a k8s cluster with trustworthy jwt (Service Account Token Volume Projection) feature.
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  ipFamily: "ipv4"
  kubeProxyMode: "iptables"
  podSubnet: "10.247.0.0/16"
  serviceSubnet: "10.248.0.0/16"
nodes:
- role: control-plane
- role: worker
- role: worker
kubeadmConfigPatches:
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: JoinConfiguration
    metadata:
      name: config
    nodeRegistration:
      kubeletExtraArgs:
        cgroup-root: "/kubelet"
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: InitConfiguration
    metadata:
      name: config
    nodeRegistration:
      kubeletExtraArgs:
        cgroup-root: "/kubelet"
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: ClusterConfiguration
    metadata:
      name: config
    controllerManager:
      extraArgs:
        "v": "4"
    scheduler:
      extraArgs:
        "v": "4"
    etcd:
      local:
        # Run etcd in a tmpfs (in RAM) for performance improvements
        dataDir: /tmp/kind-cluster-etcd
    apiServer:
      extraArgs:
        "v": "4"
        "service-account-issuer": "kubernetes.default.svc"
        "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key"
containerdConfigPatches:
  - |-
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
      endpoint = ["http://kind-registry:5000"]