Knobby Kubernetes Master
- By Mike Wilson
- Cloud
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 150 | 19 Mar 2021 | |
latest/edge | 125 | 19 Mar 2021 | |
juju deploy knobby-kubernetes-master
-
addons-registry | string
Specify the docker registry to use when applying addons
-
allow-privileged | string
Default: auto
Allow kube-apiserver to run in privileged mode. Supported values are "true", "false", and "auto". If "true", kube-apiserver will run in privileged mode by default. If "false", kube-apiserver will never run in privileged mode. If "auto", kube-apiserver will not run in privileged mode by default, but will switch to privileged mode if GPU hardware is detected on a worker node.
-
api-extra-args | string
Space-separated list of flags and key=value pairs that will be passed as arguments to kube-apiserver. For example, a value like this:

```
runtime-config=batch/v2alpha1=true profiling=true
```

will result in kube-apiserver being run with the following options:

```
--runtime-config=batch/v2alpha1=true --profiling=true
```
-
audit-policy | string
Default:

```yaml
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
# Don't log read-only requests from the apiserver
- level: None
  users: ["system:apiserver"]
  verbs: ["get", "list", "watch"]
# Don't log kube-proxy watches
- level: None
  users: ["system:kube-proxy"]
  verbs: ["watch"]
  resources:
  - resources: ["endpoints", "services"]
# Don't log nodes getting their own status
- level: None
  userGroups: ["system:nodes"]
  verbs: ["get"]
  resources:
  - resources: ["nodes"]
# Don't log kube-controller-manager and kube-scheduler getting endpoints
- level: None
  users: ["system:unsecured"]
  namespaces: ["kube-system"]
  verbs: ["get"]
  resources:
  - resources: ["endpoints"]
# Log everything else at the Request level.
- level: Request
  omitStages:
  - RequestReceived
```
Audit policy passed to kube-apiserver via --audit-policy-file. For more info, please refer to the upstream documentation at https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
-
audit-webhook-config | string
Audit webhook config passed to kube-apiserver via --audit-webhook-config-file. For more info, please refer to the upstream documentation at https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
-
authorization-mode | string
Default: AlwaysAllow
Comma separated authorization modes. Allowed values are "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
-
channel | string
Default: 1.12/stable
Snap channel to install Kubernetes master services from
-
client_password | string
Password to be used for admin user (leave empty for random password).
-
controller-manager-extra-args | string
Space-separated list of flags and key=value pairs that will be passed as arguments to kube-controller-manager. For example, a value like this:

```
runtime-config=batch/v2alpha1=true profiling=true
```

will result in kube-controller-manager being run with the following options:

```
--runtime-config=batch/v2alpha1=true --profiling=true
```
-
default-storage | string
Default: auto
The storage class to make the default storage class. Allowed values are "auto", "none", "ceph-xfs", "ceph-ext4". Note: Only works in Kubernetes >= 1.10
-
dns_domain | string
Default: cluster.local
The local domain for cluster dns
-
enable-dashboard-addons | boolean
Default: True
Deploy the Kubernetes Dashboard and Heapster addons
-
enable-keystone-authorization | boolean
If true and the Keystone charm is related, users will authorize against the Keystone server. Note that if related, users will always authenticate against Keystone.
-
enable-kube-dns | boolean
Default: True
Deploy kube-dns addon
-
enable-metrics | boolean
Default: True
If true the metrics server for Kubernetes will be deployed onto the cluster.
-
enable-nvidia-plugin | string
Default: auto
Load the nvidia device plugin daemonset. Supported values are "auto" and "false". When "auto", the daemonset will be loaded only if GPUs are detected. When "false" the nvidia device plugin will not be loaded.
-
extra_sans | string
Space-separated list of extra SAN entries to add to the x509 certificate created for the master nodes.
-
keystone-policy | string
Default:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: k8s-auth-policy
  namespace: kube-system
  labels:
    k8s-app: k8s-keystone-auth
data:
  policies: |
    [
      {
        "resource": {
          "verbs": ["get", "list", "watch"],
          "resources": ["*"],
          "version": "*",
          "namespace": "*"
        },
        "match": [
          { "type": "role", "values": ["k8s-viewers"] },
          { "type": "project", "values": ["k8s"] }
        ]
      },
      {
        "resource": {
          "verbs": ["*"],
          "resources": ["*"],
          "version": "*",
          "namespace": "default"
        },
        "match": [
          { "type": "role", "values": ["k8s-users"] },
          { "type": "project", "values": ["k8s"] }
        ]
      },
      {
        "resource": {
          "verbs": ["*"],
          "resources": ["*"],
          "version": "*",
          "namespace": "*"
        },
        "match": [
          { "type": "role", "values": ["k8s-admins"] },
          { "type": "project", "values": ["k8s"] }
        ]
      }
    ]
```
Policy for Keystone authentication. This is used when a Keystone charm is related to kubernetes-master in order to provide authentication and authorization for Keystone users on the Kubernetes cluster.
-
keystone-ssl-ca | string
Path to Keystone certificate authority for securing communications to Keystone.
-
nagios_context | string
Default: juju
Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like: juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
-
nagios_servicegroups | string
A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
-
require-manual-upgrade | boolean
Default: True
When true, master nodes will not be upgraded until the user triggers it manually by running the upgrade action.
-
scheduler-extra-args | string
Space-separated list of flags and key=value pairs that will be passed as arguments to kube-scheduler. For example, a value like this:

```
runtime-config=batch/v2alpha1=true profiling=true
```

will result in kube-scheduler being run with the following options:

```
--runtime-config=batch/v2alpha1=true --profiling=true
```
-
service-cidr | string
Default: 10.152.183.0/24
CIDR to use for Kubernetes services. Cannot be changed after deployment.
-
snap_proxy | string
HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.
-
snap_proxy_url | string
The address of a Snap Store Proxy to use for snaps, e.g. http://snap-proxy.example.com
-
snapd_refresh | string
Default: max
How often snapd handles updates for installed snaps. Setting an empty string will check 4x per day. Set to "max" to delay the refresh as long as possible. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87
-
storage-backend | string
Default: auto
The storage backend for kube-apiserver persistence. Can be "etcd2", "etcd3", or "auto". Auto mode will select etcd3 on new installations, or etcd2 on upgrades.
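
Added example (not part of the charm or its documentation): a simplified model of how the default value of the audit-policy option listed on this page is evaluated, where the first rule that matches a request decides its audit level. `rule_matches`, `audit_level`, the sample requests and the `SECRETS_AT_METADATA` variant are assumptions made for illustration, and each rule's resources are flattened to plain resource names.

```python
# Added example: first-match evaluation of the default audit policy.
# RULES is transcribed from the audit-policy default on this page; the matcher
# is a simplified model (core API group, exact resource names only).
RULES = [
    {"level": "None", "users": ["system:apiserver"], "verbs": ["get", "list", "watch"]},
    {"level": "None", "users": ["system:kube-proxy"], "verbs": ["watch"],
     "resources": ["endpoints", "services"]},
    {"level": "None", "userGroups": ["system:nodes"], "verbs": ["get"],
     "resources": ["nodes"]},
    {"level": "None", "users": ["system:unsecured"], "namespaces": ["kube-system"],
     "verbs": ["get"], "resources": ["endpoints"]},
    {"level": "Request"},  # catch-all
]
# Assumed variant (not the charm default): secrets logged at Metadata level.
SECRETS_AT_METADATA = RULES[:-1] + [{"level": "Metadata", "resources": ["secrets"]}, RULES[-1]]

def rule_matches(rule, req):
    """A field absent from the rule matches anything; present fields must all match."""
    if "users" in rule and req["user"] not in rule["users"]:
        return False
    if "userGroups" in rule and not set(rule["userGroups"]) & set(req.get("groups", [])):
        return False
    if "verbs" in rule and req["verb"] not in rule["verbs"]:
        return False
    if "namespaces" in rule and req.get("namespace", "") not in rule["namespaces"]:
        return False
    if "resources" in rule and req["resource"] not in rule["resources"]:
        return False
    return True

def audit_level(req, rules=RULES):
    """Level of the first rule that matches; "None" when nothing matches."""
    return next((r["level"] for r in rules if rule_matches(r, req)), "None")

# Constructed sample requests, not real audit data.
KUBELET = {"user": "system:node:worker-0", "groups": ["system:nodes"]}
SAMPLES = {
    "kubelet gets its node": {**KUBELET, "verb": "get", "resource": "nodes"},
    "kubelet patches its node": {**KUBELET, "verb": "patch", "resource": "nodes"},
    "kube-proxy watches services": {"user": "system:kube-proxy", "verb": "watch",
                                    "resource": "services"},
    "admin creates a secret": {"user": "admin", "verb": "create", "resource": "secrets",
                               "namespace": "default"},
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:30} default={audit_level(req):8} "
              f"variant={audit_level(req, SECRETS_AT_METADATA)}")
```

With the default policy the secret create falls through to the Request catch-all, so its request body is written to the audit log; the variant records only metadata for secrets.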