From 6dd3b05e5ded2fbc0726f56e195844db94c32cf4 Mon Sep 17 00:00:00 2001 From: Nir Soffer Date: Fri, 6 Sep 2024 05:19:39 +0300 Subject: [PATCH 1/3] Modify flannel to use lima0 interface Change taken from k8s-lima repo[1]. In my tests it does not make any difference, posting for testing on other system. [1] https://github.com/raghavendra-talur/k8s-lima Thanks: Raghavendra Talur Signed-off-by: Nir Soffer --- test/drenv/providers/lima/k8s.yaml | 31 ++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/test/drenv/providers/lima/k8s.yaml b/test/drenv/providers/lima/k8s.yaml index d578755ec..cd7b917cd 100644 --- a/test/drenv/providers/lima/k8s.yaml +++ b/test/drenv/providers/lima/k8s.yaml @@ -148,12 +148,35 @@ provision: StatefulSetAutoDeletePVC: true EOF kubeadm init --config kubeadm-config.yaml - # Installing a Pod network add-on - kubectl apply -f https://github.com/flannel-io/flannel/releases/download/v0.24.0/kube-flannel.yml - # Control plane node isolation - kubectl taint nodes --all node-role.kubernetes.io/control-plane- + # Copy kubeconfig to default location. mkdir -p ${HOME:-/root}/.kube && cp -f $KUBECONFIG ${HOME:-/root}/.kube/config + # Deploy additional components + - mode: system + script: | + #!/bin/bash + set -eux -o pipefail + export KUBECONFIG=/etc/kubernetes/admin.conf + + echo "Removing control-plane taint from nodes" + kubectl taint nodes --all node-role.kubernetes.io/control-plane- + + echo "Deploying flannel" + flannel=$(mktemp -d /tmp/deploy-flannel.XXXXXX) + cat <$flannel/kustomization.yaml + resources: + - https://github.com/flannel-io/flannel/releases/download/v0.24.0/kube-flannel.yml + patches: + - target: + kind: DaemonSet + name: kube-flannel-ds + patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: --iface=lima0 + EOF + kubectl apply -k $flannel + - mode: system script: | #!/bin/bash From 120cc0a9c9deb1ea953b6a4d86ed110111ffa756 Mon Sep 17 00:00:00 2001 
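Review bot: The kustomization in the new "Deploying flannel" step fetches `kube-flannel.yml` from the release URL at provisioning time, and nothing checks its content before it is applied using `/etc/kubernetes/admin.conf`. A release tag and its assets can be replaced upstream, so the version in the URL pins a name rather than the bytes. Downloading the file into `$flannel` first, verifying it with something like `echo "<expected-sha256>  $flannel/kube-flannel.yml" | sha256sum -c -`, and listing the local file under `resources:` would pin the content as well. The JSON patch addresses the container by position (`containers/0`), so a comment naming the container it expects there would make an upstream reordering easier to spot. The directory created by `mktemp -d` is not removed after `kubectl apply -k`.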
From: Nir Soffer Date: Sat, 7 Sep 2024 00:08:10 +0300 Subject: [PATCH 2/3] Enable masqueradeAll in kube-proxy Enable the option for iptables[1] and nftables[2]. I'm not sure which one we use but it does not harm to change the one we don't use. Change taken from k8s-lima repo[3]. In my tests it does not make any difference, posting for testing on other system. [1] https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/#kubeproxy-config-k8s-io-v1alpha1-KubeProxyIPTablesConfiguration [2] https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/#kubeproxy-config-k8s-io-v1alpha1-KubeProxyNFTablesConfiguration [3] https://github.com/raghavendra-talur/k8s-lima Thanks: Raghavendra Talur Signed-off-by: Nir Soffer --- test/drenv/providers/lima/k8s.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test/drenv/providers/lima/k8s.yaml b/test/drenv/providers/lima/k8s.yaml index cd7b917cd..7802a1459 100644 --- a/test/drenv/providers/lima/k8s.yaml +++ b/test/drenv/providers/lima/k8s.yaml @@ -177,6 +177,12 @@ provision: EOF kubectl apply -k $flannel + # Enable masqueradeAll in kube-proxy. + kubectl get cm -n kube-system kube-proxy -o yaml > kube-proxy.yaml + sed -i 's/masqueradeAll: false/masqueradeAll: true/g' kube-proxy.yaml + kubectl apply -f kube-proxy.yaml + kubectl delete pod -n kube-system -l k8s-app=kube-proxy + - mode: system script: | #!/bin/bash From ac2b52bf371e822cfb3d928ec14617552e6b7d43 Mon Sep 17 00:00:00 2001 From: Nir Soffer Date: Fri, 6 Sep 2024 23:29:43 +0300 Subject: [PATCH 3/3] Configure API server to listen on all addresses Change taken from k8s-lima repo[1]. In my tests it does not make any difference, posting for testing on other system. [1] https://github.com/raghavendra-talur/k8s-lima Thanks: Raghavendra Talur Signed-off-by: Nir Soffer --- test/drenv/providers/lima/k8s.yaml | 2 ++ 1 file changed, 2 insertions(+) 
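Review bot: The `sed` in the "Enable masqueradeAll in kube-proxy" step exits 0 even when it changes nothing, so if the fetched ConfigMap ever lacks the literal text `masqueradeAll: false`, the script applies an unchanged file, deletes the kube-proxy pods and reports success. Adding `grep -q 'masqueradeAll: true' kube-proxy.yaml` after the `sed` would make that case fail, assuming this step runs under the `set -eux -o pipefail` of the script added in patch 1, as the context lines suggest. The comment could also state the cost of the option: with masqueradeAll, traffic sent through Service cluster IPs is source-NATed, so backends and their logs no longer see the client pod address, which matters for anything that filters or audits by source IP. `kube-proxy.yaml` is written to the script's working directory and left behind; the `$flannel` temporary directory, or a separate `mktemp` file, would keep it out of the way.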
diff --git a/test/drenv/providers/lima/k8s.yaml b/test/drenv/providers/lima/k8s.yaml index 7802a1459..8940632c1 100644 --- a/test/drenv/providers/lima/k8s.yaml +++ b/test/drenv/providers/lima/k8s.yaml @@ -136,6 +136,8 @@ provision: kind: ClusterConfiguration apiVersion: kubeadm.k8s.io/v1beta3 apiServer: + extraArgs: + advertise-address: "0.0.0.0" certSANs: # --apiserver-cert-extra-sans - "127.0.0.1" networking:
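Review bot: `advertise-address` under `apiServer.extraArgs` does not control which addresses the API server listens on, which is what the subject line describes. The listening address is set by `--bind-address`, which already defaults to all interfaces, while the advertise address is the one published to cluster members. `0.0.0.0` is not an address a client can connect to, so what ends up advertised probably depends on the API server's fallback to the default interface; this is worth confirming on a running cluster. If the intent is to advertise the lima0 address, setting `localAPIEndpoint.advertiseAddress` in the InitConfiguration would say so explicitly, and a comment next to `extraArgs` should state which interface is meant. Only `"127.0.0.1"` is visible under `certSANs` in this hunk and the list may continue outside it, so it is worth checking that whatever address clients use is covered by the certificate.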