Add new infra architecture
@@ -1,49 +1,82 @@
|
||||
kind: Cluster
|
||||
apiVersion: kind.x-k8s.io/v1alpha4
|
||||
name: bakery-ia-local
|
||||
|
||||
# Networking configuration
|
||||
networking:
|
||||
podSubnet: "10.244.0.0/16"
|
||||
serviceSubnet: "10.96.0.0/12"
|
||||
|
||||
nodes:
|
||||
- role: control-plane
|
||||
# Increase resource limits for the Kind node to handle multiple services
|
||||
kubeadmConfigPatches:
|
||||
- |
|
||||
kind: InitConfiguration
|
||||
nodeRegistration:
|
||||
kubeletExtraArgs:
|
||||
node-labels: "ingress-ready=true"
|
||||
# Increase max pods for development environment
|
||||
max-pods: "200"
|
||||
node-labels: "ingress-ready=true,architecture=arm64"
|
||||
max-pods: "250"
|
||||
eviction-hard: "memory.available<500Mi,nodefs.available<10%"
|
||||
fail-swap-on: "false"
|
||||
- |
|
||||
kind: ClusterConfiguration
|
||||
# Increase API server memory and other parameters for local dev
|
||||
apiServer:
|
||||
extraArgs:
|
||||
encryption-provider-config: /etc/kubernetes/enc/encryption-config.yaml
|
||||
max-requests-inflight: "2000"
|
||||
max-mutating-requests-inflight: "1000"
|
||||
extraVolumes:
|
||||
- name: encryption-config
|
||||
hostPath: /etc/kubernetes/enc
|
||||
mountPath: /etc/kubernetes/enc
|
||||
readOnly: true
|
||||
pathType: DirectoryOrCreate
|
||||
# Mount encryption keys for secure development
|
||||
controllerManager:
|
||||
extraArgs:
|
||||
horizontal-pod-autoscaler-sync-period: "10s"
|
||||
node-monitor-grace-period: "20s"
|
||||
scheduler:
|
||||
extraArgs:
|
||||
kube-api-qps: "50"
|
||||
kube-api-burst: "100"
|
||||
|
||||
extraMounts:
|
||||
- hostPath: ./infrastructure/kubernetes/encryption
|
||||
- hostPath: ./infrastructure/platform/security/encryption
|
||||
containerPath: /etc/kubernetes/enc
|
||||
readOnly: true
|
||||
# Port mappings for local access
|
||||
|
||||
extraPortMappings:
|
||||
# HTTP ingress - nginx ingress controller uses hostPort: 80
|
||||
- containerPort: 80
|
||||
hostPort: 80
|
||||
protocol: TCP
|
||||
# HTTPS ingress - nginx ingress controller uses hostPort: 443
|
||||
listenAddress: "0.0.0.0"
|
||||
- containerPort: 443
|
||||
hostPort: 443
|
||||
protocol: TCP
|
||||
# Direct frontend access (backup)
|
||||
listenAddress: "0.0.0.0"
|
||||
- containerPort: 30300
|
||||
hostPort: 3000
|
||||
protocol: TCP
|
||||
# Direct gateway access (backup)
|
||||
listenAddress: "0.0.0.0"
|
||||
- containerPort: 30800
|
||||
hostPort: 8000
|
||||
protocol: TCP
|
||||
protocol: TCP
|
||||
listenAddress: "0.0.0.0"
|
||||
- containerPort: 30080
|
||||
hostPort: 30080
|
||||
protocol: TCP
|
||||
listenAddress: "0.0.0.0"
|
||||
- containerPort: 30443
|
||||
hostPort: 30443
|
||||
protocol: TCP
|
||||
listenAddress: "0.0.0.0"
|
||||
|
||||
containerdConfigPatches:
|
||||
- |-
|
||||
[plugins."io.containerd.grpc.v1.cri"]
|
||||
sandbox_image = "registry.k8s.io/pause:3.9"
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd]
|
||||
snapshotter = "overlayfs"
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
|
||||
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
|
||||
runtime_type = "io.containerd.runc.v2"
|
||||
|
||||
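Review bot: Every `extraPortMappings` entry that appears to be on the new side sets `listenAddress: "0.0.0.0"`, so ports 80, 443, 30080 and 30443 of this local development cluster are published on all host interfaces rather than only on loopback. For a cluster named `bakery-ia-local` I would bind each mapping with `listenAddress: "127.0.0.1"` unless access from other machines is intended, and add a comment saying so if it is. Separately, the API server's `encryption-provider-config` is fed through `extraMounts` from the repository path `./infrastructure/platform/security/encryption`. If the encryption config and its key material are committed there (not visible on this page), that key should be treated as non-secret, and the comment `# Mount encryption keys for secure development` should state that it is for development only. The +/- markers are lost in this rendering, so which lines are new is inferred from print order.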