Move from trustworthy-jwt yaml to default-yaml (#13152)

* Move from trustworthy-jwt yaml to default-yaml

* Update to K8s 1.27.0

* Minor update

* Remove apiVersion as in istio/istio #44687

prow/config/default.yaml

@@ -0,0 +1,29 @@
+# This configs KinD to spin up a k8s cluster with mixed protocol LB support and GRPCContainerProbe enabled
+# This should be used to create K8s clusters with versions >= 1.23
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+featureGates:
+  MixedProtocolLBService: true
+  GRPCContainerProbe: true
+kubeadmConfigPatches:
+  - |
+    kind: ClusterConfiguration
+    metadata:
+      name: config
+    etcd:
+      local:
+        # Run etcd in a tmpfs (in RAM) for performance improvements
+        dataDir: /tmp/kind-cluster-etcd
+    # We run single node, drop leader election to reduce overhead
+    controllerManagerExtraArgs:
+      leader-elect: "false"
+    schedulerExtraArgs:
+      leader-elect: "false"
+    apiServer:
+      extraArgs:
+        "service-account-issuer": "kubernetes.default.svc"
+        "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key"
+containerdConfigPatches:
+  - |-
+    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
+      endpoint = ["http://kind-registry:5000"]

prow/config/trustworthy-jwt.yaml

@@ -1,17 +0,0 @@
-# This configs KinD to spin up a k8s cluster with trustworthy jwt (Service Account Token Volume Projection) feature.
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-kubeadmConfigPatches:
-  - |
-    apiVersion: kubeadm.k8s.io/v1beta2
-    kind: ClusterConfiguration
-    metadata:
-      name: config
-    apiServer:
-      extraArgs:
-        "service-account-issuer": "kubernetes.default.svc"
-        "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key"
-containerdConfigPatches:
-  - |-
-    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
-      endpoint = ["http://kind-registry:5000"]

prow/integ-suite-kind.sh

@@ -102,11 +102,11 @@ if [ -n "${PULL_NUMBER:-}" ]; then
 fi
 
 export IP_FAMILY="${IP_FAMILY:-ipv4}"
-export NODE_IMAGE="gcr.io/istio-testing/kind-node:v1.26.1"
+export NODE_IMAGE="gcr.io/istio-testing/kind-node:v1.27.0"
 
 if [[ -z "${SKIP_SETUP:-}" ]]; then
   export ARTIFACTS="${ARTIFACTS:-$(mktemp -d)}"
-  export DEFAULT_CLUSTER_YAML="./prow/config/trustworthy-jwt.yaml"
+  export DEFAULT_CLUSTER_YAML="./prow/config/default.yaml"
   export METRICS_SERVER_CONFIG_DIR=''
 
   if [[ "${TOPOLOGY}" == "SINGLE_CLUSTER" ]]; then

prow/lib.sh

@@ -76,7 +76,7 @@ function setup_kind_cluster() {
   # If config not explicitly set, then use defaults
   if [[ -z "${CONFIG}" ]]; then
     # Kubernetes 1.15+
-    CONFIG=./prow/config/trustworthy-jwt.yaml
+    CONFIG=./prow/config/default.yaml
   fi
 
   # Create KinD cluster

tests/README.md

@@ -279,7 +279,7 @@ The following command will run all the doc tests within a `kube` environment:
 make doc.test
 ```
 
-The `make doc.test` rule can be passed two optional environment variables: `TEST` and `TIMEOUT`.
+The `make doc.test` target can be passed two optional environment variables: `TEST` and `TIMEOUT`.
 
 `TEST` specifies a directory relative to `content/en/docs/` containing the tests to run.
 For example, the following command will only run the tests under `content/en/docs/tasks/traffic-management`:
@@ -307,7 +307,7 @@ You can also find this information by running `make doc.test.help`.
 error as the Istio control plane is being started. Adding a config when creating your `kind` cluster should fix the issue:
 
    ```sh
-   kind create cluster --name istio-test --config prow/config/trustworthy-jwt.yaml
+   kind create cluster --name istio-test --config prow/config/default.yaml
    ```
 
 1. When using `kind` clusters on a Mac, an extra env var is needed (ADDITIONAL_CONTAINER_OPTIONS="--network host").