feat(kind): add USE_CANAL option to replace default CNI

mborne · Oct 8, 2023 · 4674b62 · 4674b62
1 parent 64cab8e
commit 4674b62
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/kind/config/generate.sh b/kind/config/generate.sh
@@ -20,6 +20,9 @@ INGRESS_READY=${INGRESS_READY:-1}
 # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
 ADMISSION_PLUGINS=${ADMISSION_PLUGINS:-NodeRestriction,ResourceQuota}
 
+# Allows to use another CNI like canal
+DISABLE_DEFAULT_CNI=${DISABLE_DEFAULT_CNI:-false}
+
 #----------------------------------------
 # Generate kind config
 #----------------------------------------
@@ -32,6 +35,9 @@ networking:
   ipFamily: ipv4
   apiServerAddress: "127.0.0.1"
   apiServerPort: 6443
+  podSubnet: "10.244.0.0/16"
+  serviceSubnet: "10.96.0.0/12"
+  disableDefaultCNI: $DISABLE_DEFAULT_CNI
 EOF
 
 if [ ! -z "$DOCKERHUB_PROXY" ];

diff --git a/kind/quickstart.md b/kind/quickstart.md
@@ -20,10 +20,11 @@ export DEVBOX_INGRESS=nginx
 export OIDC_ISSUER_URL=https://keycloak.quadtreeworld.net/realms/master
 # use a mirror for dockerhub
 export DOCKERHUB_PROXY=https://docker-mirror.quadtreeworld.net
-# ...
+# use canal (flannel + calico) instead of default CNI to test NetworkPolicies
+export USE_CANAL=1
 
 # Delete cluster if exists
-kind create clusters devbox
+kind delete clusters devbox
 
 # Create kind cluster and deploy
 bash kind/quickstart.sh

diff --git a/kind/quickstart.sh b/kind/quickstart.sh
@@ -7,8 +7,27 @@ echo "---------------------------------------------"
 echo "-- kind/quickstart.sh"
 echo "---------------------------------------------"
 
+USE_CANAL=${USE_CANAL:-0}
+if [ "$USE_CANAL" != "0" ];
+then
+    export DISABLE_DEFAULT_CNI=true
+fi
 bash $DEVBOX_DIR/kind/config/generate.sh | kind create cluster --config -
 
+#---------------------------------------------------------------------------
+# Install canal
+# see https://docs.tigera.io/calico/latest/getting-started/kubernetes/flannel/install-for-flannel#installing-with-the-kubernetes-api-datastore-recommended
+#---------------------------------------------------------------------------
+if [ "$USE_CANAL" != "0" ];
+then
+    kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/canal.yaml
+    # wait for canal pods
+    kubectl wait --namespace kube-system \
+        --for=condition=ready pod \
+        --selector=k8s-app=canal \
+        --timeout=90s
+fi
+
 #----------------------------------------
 # Install metric-server
 #----------------------------------------