Containers Kubernetes Tigera Secure Ee

  • By Canonical Kubernetes | bundle
Channel Revision Published Runs on
latest/stable 923 16 Dec 2021
latest/candidate 875 26 Oct 2021
latest/beta 923 15 Dec 2021
latest/edge 971 01 Feb 2022
juju deploy containers-kubernetes-tigera-secure-ee
Show information

Learn to deploy on juju >

Platform:

Ubuntu

Learn about configurations >

  • config_version | string

    Default: v2

    Containerd config version. Can be "v1" or "v2". DEPRECATED: config_version will be removed in a future release.

  • custom-registry-ca | string

    Base64 encoded Certificate Authority (CA) bundle. Setting this config allows container runtimes to pull images from registries with TLS certificates signed by an external CA.

  • custom_registries | string

    Default: []

    Registry endpoints and credentials. Setting this config allows Kubelet to pull images from registries where auth is required. The value for this config must be a JSON array of credential objects, like this: e.g.: [{"host": "my.registry:port", "username": "user", "password": "pass"}] Credential Object Parameters: `url: REQUIRED str` the URL to the registry, include the port if not it isn't implied from the schema. e.g: "url": "https://my.registry:8443" e.g: "url": "http://my.registry" host: OPTIONAL str - defaults to auto-generated from the url could be registry host address or a name e.g.: myregistry.io:9000, 10.10.10.10:5432 e.g.: myregistry.io, myregistry Note: It will be derived from `url` if not provided. e.g.: "url": "http://10.10.10.10:8000" --> "host": "10.10.10.10:8000" username: OPTIONAL str - default '' password: OPTIONAL str|dict - default '' Used by containerd for basic authentication to the registry. If a string, will be rendered wrapped as a double-quoted str (password = "my-strong-password") If a dictionary, will be rendered as a single-quoted json (password = '{"my": "json"}') e.g.: "password": '"$(jq -c . gce.json)"' ca_file: OPTIONAL str - default '' cert_file: OPTIONAL str - default '' key_file: OPTIONAL str - default '' For ssl/tls communication these should be a base64 encoded file e.g.: "ca_file": "'"$(base64 -w 0 < my.custom.registry.pem)"'" insecure_skip_verify: OPTIONAL bool - default false For situatations where the registry has self-signed or expired certs and a quick work-around is necessary. e.g.: "insecure_skip_verify": true example config) juju config containerd custom_registries='[{ "url": "https://registry.example.com", "ca_file": "'"$(base64 -w 0 < ~/my.custom.ca.pem)"'", "cert_file": "'"$(base64 -w 0 < ~/my.custom.cert.pem)"'", "key_file": "'"$(base64 -w 0 < ~/my.custom.key.pem)"'", }]'

  • disable-juju-proxy | boolean

    Ignore juju-http(s) proxy settings on this charm. If set to true, all juju https proxy settings will be ignored

  • enable-cgroups | boolean

    Enable GRUB cgroup overrides cgroup_enable=memory swapaccount=1. WARNING changing this option will reboot the host - use with caution on production services.

  • gpu_driver | string

    Default: auto

    Override GPU driver installation. Options are "auto", "nvidia", "none". Caution: setting this to nvidia will cause nvidia drivers to be installed on kubernetes-control-plane, even if a GPU is not present.

  • http_proxy | string

    URL to use for HTTP_PROXY to be used by Containerd. Useful in egress-filtered environments where a proxy is the only option for accessing the registry to pull images.

  • https_proxy | string

    URL to use for HTTPS_PROXY to be used by Containerd. Useful in egress-filtered environments where a proxy is the only option for accessing the registry to pull images.

  • kill_signal | string

    Default: SIGTERM

    Set containerd systemd KillSignal. Options are standard signals from https://man7.org/linux/man-pages/man7/signal.7.html

  • no_proxy | string

    Comma-separated list of destinations (either domain names or IP addresses) which should be accessed directly, rather than through the proxy defined in http_proxy or https_proxy. Must be less than 2023 characters long.

  • nvidia_apt_key_urls | string

    Default: https://nvidia.github.io/nvidia-container-runtime/gpgkey https://developer.download.nvidia.com/compute/cuda/repos/{id}{version_id_no_dot}/x86_64/3bf863cc.pub

    Space-separated list of APT GPG key URLs to add when using Nvidia GPUs. Supported template options: {id}: OS release ID, e.g. "ubuntu" {version_id}: OS release version ID, e.g. "20.04" {version_id_no_dot}: OS release version ID with no dot, e.g. "2004"

  • nvidia_apt_packages | string

    Default: cuda-drivers nvidia-container-runtime

    Space-separated list of APT packages to install when using Nvidia GPUs.

  • nvidia_apt_sources | string

    Default: deb https://nvidia.github.io/libnvidia-container/stable/deb/$(ARCH) / deb https://nvidia.github.io/nvidia-container-runtime/{id}{version_id}/$(ARCH) / deb https://developer.download.nvidia.com/compute/cuda/repos/{id}{version_id_no_dot}/x86_64 /

    Newline-separated list of APT sources to add when using Nvidia GPUs. Supported template options: {id}: OS release ID, e.g. "ubuntu" {version_id}: OS release version ID, e.g. "20.04" {version_id_no_dot}: OS release version ID with no dot, e.g. "2004"

  • runtime | string

    Default: auto

    Set a custom containerd runtime. Set "auto" to select based on hardware.

  • shim | string

    Default: containerd-shim

    Set a custom containerd shim.