Knobby Kubernetes Master

Channel        Revision  Published    Runs on
latest/stable  150       19 Mar 2021  Ubuntu 18.04, Ubuntu 16.04
latest/edge    125       19 Mar 2021  Ubuntu 18.04, Ubuntu 16.04

juju deploy knobby-kubernetes-master

Platform: Ubuntu 18.04, 16.04

  • addons-registry | string

    Specify the docker registry to use when applying addons

  • allow-privileged | string

    Default: auto

    Allow kube-apiserver to run in privileged mode. Supported values are "true", "false", and "auto". If "true", kube-apiserver will run in privileged mode by default. If "false", kube-apiserver will never run in privileged mode. If "auto", kube-apiserver will not run in privileged mode by default, but will switch to privileged mode if GPU hardware is detected on a worker node.

  • api-extra-args | string

    Space-separated list of flags and key=value pairs that will be passed as arguments to kube-apiserver. For example, the value "runtime-config=batch/v2alpha1=true profiling=true" results in kube-apiserver being run with the options "--runtime-config=batch/v2alpha1=true --profiling=true".

  • audit-policy | string

    Default:

        apiVersion: audit.k8s.io/v1beta1
        kind: Policy
        rules:
        # Don't log read-only requests from the apiserver
        - level: None
          users: ["system:apiserver"]
          verbs: ["get", "list", "watch"]
        # Don't log kube-proxy watches
        - level: None
          users: ["system:kube-proxy"]
          verbs: ["watch"]
          resources:
          - resources: ["endpoints", "services"]
        # Don't log nodes getting their own status
        - level: None
          userGroups: ["system:nodes"]
          verbs: ["get"]
          resources:
          - resources: ["nodes"]
        # Don't log kube-controller-manager and kube-scheduler getting endpoints
        - level: None
          users: ["system:unsecured"]
          namespaces: ["kube-system"]
          verbs: ["get"]
          resources:
          - resources: ["endpoints"]
        # Log everything else at the Request level.
        - level: Request
          omitStages:
          - RequestReceived

    Audit policy passed to kube-apiserver via --audit-policy-file. For more info, please refer to the upstream documentation at https://kubernetes.io/docs/tasks/debug-application-cluster/audit/

  • audit-webhook-config | string

    Audit webhook config passed to kube-apiserver via --audit-webhook-config-file. For more info, please refer to the upstream documentation at https://kubernetes.io/docs/tasks/debug-application-cluster/audit/

  • authorization-mode | string

    Default: AlwaysAllow

    Comma-separated list of authorization modes. Allowed values are "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".

  • channel | string

    Default: 1.12/stable

    Snap channel to install Kubernetes master services from

  • client_password | string

    Password to be used for admin user (leave empty for random password).

  • controller-manager-extra-args | string

    Space-separated list of flags and key=value pairs that will be passed as arguments to kube-controller-manager. For example, the value "runtime-config=batch/v2alpha1=true profiling=true" results in kube-controller-manager being run with the options "--runtime-config=batch/v2alpha1=true --profiling=true".

  • default-storage | string

    Default: auto

    The storage class to set as the default storage class. Allowed values are "auto", "none", "ceph-xfs", "ceph-ext4". Note: Only works in Kubernetes >= 1.10.

  • dns_domain | string

    Default: cluster.local

    The local domain for cluster DNS.

  • enable-dashboard-addons | boolean

    Default: True

    Deploy the Kubernetes Dashboard and Heapster addons

  • enable-keystone-authorization | boolean

    If true and the Keystone charm is related, users will authorize against the Keystone server. Note that if related, users will always authenticate against Keystone.

  • enable-kube-dns | boolean

    Default: True

    Deploy kube-dns addon

  • enable-metrics | boolean

    Default: True

    If true the metrics server for Kubernetes will be deployed onto the cluster.

  • enable-nvidia-plugin | string

    Default: auto

    Load the nvidia device plugin daemonset. Supported values are "auto" and "false". When "auto", the daemonset will be loaded only if GPUs are detected. When "false" the nvidia device plugin will not be loaded.

  • extra_sans | string

    Space-separated list of extra SAN entries to add to the x509 certificate created for the master nodes.

  • keystone-policy | string

    Default:

        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: k8s-auth-policy
          namespace: kube-system
          labels:
            k8s-app: k8s-keystone-auth
        data:
          policies: |
            [
              {
                "resource": {
                  "verbs": ["get", "list", "watch"],
                  "resources": ["*"],
                  "version": "*",
                  "namespace": "*"
                },
                "match": [
                  { "type": "role", "values": ["k8s-viewers"] },
                  { "type": "project", "values": ["k8s"] }
                ]
              },
              {
                "resource": {
                  "verbs": ["*"],
                  "resources": ["*"],
                  "version": "*",
                  "namespace": "default"
                },
                "match": [
                  { "type": "role", "values": ["k8s-users"] },
                  { "type": "project", "values": ["k8s"] }
                ]
              },
              {
                "resource": {
                  "verbs": ["*"],
                  "resources": ["*"],
                  "version": "*",
                  "namespace": "*"
                },
                "match": [
                  { "type": "role", "values": ["k8s-admins"] },
                  { "type": "project", "values": ["k8s"] }
                ]
              }
            ]

    Policy for Keystone authentication. This is used when a Keystone charm is related to kubernetes-master in order to provide authentication and authorization for Keystone users on the Kubernetes cluster.

  • keystone-ssl-ca | string

    Path to Keystone certificate authority for securing communications to Keystone.

  • nagios_context | string

    Default: juju

    Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like "juju-myservice-0". If you're running multiple environments with the same services in them, this allows you to differentiate between them.

  • nagios_servicegroups | string

    A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.

  • require-manual-upgrade | boolean

    Default: True

    When true, master nodes will not be upgraded until the user triggers it manually by running the upgrade action.

  • scheduler-extra-args | string

    Space-separated list of flags and key=value pairs that will be passed as arguments to kube-scheduler. For example, the value "runtime-config=batch/v2alpha1=true profiling=true" results in kube-scheduler being run with the options "--runtime-config=batch/v2alpha1=true --profiling=true".

  • service-cidr | string

    Default: 10.152.183.0/24

    CIDR to use for Kubernetes services. Cannot be changed after deployment.

  • snap_proxy | string

    HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.

  • snap_proxy_url | string

    The address of a Snap Store Proxy to use for snaps, e.g. http://snap-proxy.example.com

  • snapd_refresh | string

    Default: max

    How often snapd handles updates for installed snaps. Setting an empty string will check 4x per day. Set to "max" to delay the refresh as long as possible. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87

  • storage-backend | string

    Default: auto

    The storage backend for kube-apiserver persistence. Can be "etcd2", "etcd3", or "auto". Auto mode will select etcd3 on new installations, or etcd2 on upgrades.
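
Added example (not part of the charm or its documentation): a small Python check that expands the *-extra-args options the way the descriptions above state and lists the options whose effective values are worth a security review, using the defaults given on this page. The plain option-to-value dict as input, the helper names, the treatment of a bare flag as "true" and the sample configs are assumptions of this example.

```python
# Added example: audits charm options documented on this page.
# Assumption: `config` is a plain {option: value} dict built by the caller.
EXTRA_ARGS = ("api-extra-args", "controller-manager-extra-args", "scheduler-extra-args")

def parse_extra_args(value):
    """Parse 'key=value flag' text; a bare flag is treated as 'true' (assumption)."""
    args = {}
    for token in value.split():
        key, sep, val = token.partition("=")  # first '=' only: values may contain '='
        args[key] = val if sep else "true"
    return args

def render_extra_args(value):
    """Command-line form described on the page: each token gets a '--' prefix."""
    return ["--" + token for token in value.split()]

def audit(config):
    """Return sorted option names whose effective value deserves review."""
    flagged = set()
    modes = [m.strip() for m in config.get("authorization-mode", "AlwaysAllow").split(",")]
    # AlwaysAllow anywhere in the list authorizes every request; page default is AlwaysAllow.
    if "AlwaysAllow" in modes:
        flagged.add("authorization-mode")
    if str(config.get("allow-privileged", "auto")).lower() == "true":
        flagged.add("allow-privileged")
    if config.get("client_password"):  # empty means a random admin password is used
        flagged.add("client_password")
    if config.get("enable-dashboard-addons", True):  # page default: True
        flagged.add("enable-dashboard-addons")
    for option in EXTRA_ARGS:
        # Upstream --profiling defaults to true, so only an explicit false turns it off.
        if parse_extra_args(config.get(option, "")).get("profiling", "true") != "false":
            flagged.add(option)
    return sorted(flagged)

# Constructed sample configs, not taken from a real deployment.
DEFAULTS = {}
HARDENED = {
    "authorization-mode": "RBAC,Node",
    "allow-privileged": "false",
    "enable-dashboard-addons": False,
    "api-extra-args": "profiling=false",
    "controller-manager-extra-args": "profiling=false",
    "scheduler-extra-args": "profiling=false",
}

if __name__ == "__main__":
    print(render_extra_args("runtime-config=batch/v2alpha1=true profiling=true"))
    print("defaults:", audit(DEFAULTS))
    print("hardened:", audit(HARDENED))
```

An empty dict stands for a deployment left on the defaults listed above, so the first audit shows what an unmodified deploy leaves open for review.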