Kubernetes Control Plane

  • Canonical Kubernetes
Channel Revision Published Runs on
latest/stable 560 16 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/stable 559 16 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/stable 558 16 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/stable 219 17 Apr 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/candidate 560 06 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/candidate 559 06 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/candidate 558 06 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/candidate 219 07 Sep 2023
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/beta 536 20 Aug 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/beta 535 20 Aug 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/beta 534 20 Aug 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/beta 211 24 Jan 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 563 Today
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 562 Today
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 561 Today
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 508 27 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 507 27 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 506 27 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
latest/edge 211 07 Sep 2023
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.32/edge 563 Today
Ubuntu 22.04 Ubuntu 20.04
1.32/edge 562 Today
Ubuntu 22.04 Ubuntu 20.04
1.32/edge 561 Today
Ubuntu 22.04 Ubuntu 20.04
1.31/stable 560 16 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.31/stable 559 16 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.31/stable 558 16 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.31/stable 219 16 Dec 2024
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.31/candidate 560 06 Dec 2024
Ubuntu 22.04 Ubuntu 20.04
1.31/candidate 559 06 Dec 2024
Ubuntu 22.04 Ubuntu 20.04
1.31/candidate 558 06 Dec 2024
Ubuntu 22.04 Ubuntu 20.04
1.31/beta 536 20 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
1.31/beta 535 20 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
1.31/beta 534 20 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
1.31/edge 539 27 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
1.31/edge 538 27 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
1.31/edge 537 27 Aug 2024
Ubuntu 22.04 Ubuntu 20.04
1.30/stable 505 11 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.30/stable 504 11 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.30/stable 503 11 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.30/beta 505 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.30/beta 504 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.30/beta 503 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.30/edge 511 29 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04
1.30/edge 510 29 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04
1.30/edge 509 29 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04
1.30/edge 508 27 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04
1.30/edge 507 27 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04
1.30/edge 506 27 Jul 2024
Ubuntu 24.04 Ubuntu 22.04 Ubuntu 20.04
1.29/stable 502 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/stable 501 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/stable 500 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/candidate 502 02 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/candidate 501 02 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/candidate 500 02 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/beta 439 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/beta 438 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/beta 437 05 Jul 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/edge 427 05 Mar 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/edge 426 05 Mar 2024
Ubuntu 22.04 Ubuntu 20.04
1.29/edge 425 05 Mar 2024
Ubuntu 22.04 Ubuntu 20.04
1.28/stable 321 07 Nov 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/candidate 321 01 Nov 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/beta 302 18 Aug 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/edge 305 06 Sep 2023
Ubuntu 22.04 Ubuntu 20.04
1.27/stable 274 12 Jun 2023
Ubuntu 22.04 Ubuntu 20.04
1.27/candidate 274 12 Jun 2023
Ubuntu 22.04 Ubuntu 20.04
1.27/beta 260 10 Apr 2023
Ubuntu 22.04 Ubuntu 20.04
1.27/edge 261 10 Apr 2023
Ubuntu 22.04 Ubuntu 20.04
1.26/stable 247 20 Mar 2023
Ubuntu 22.04 Ubuntu 20.04
1.26/candidate 247 16 Mar 2023
Ubuntu 22.04 Ubuntu 20.04
1.26/beta 220 09 Apr 2023
Ubuntu 22.04 Ubuntu 20.04
1.26/edge 220 01 Dec 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.26/edge 211 16 Nov 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.25/stable 219 01 Dec 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.25/candidate 219 30 Nov 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.25/beta 221 01 Dec 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.25/beta 186 01 Sep 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.25/edge 190 09 Sep 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.24/stable 171 04 Aug 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
1.24/stable 152 05 May 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
1.24/candidate 171 02 Aug 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04
1.24/beta 152 05 May 2022
Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
1.24/edge 172 12 Aug 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
1.24/edge 166 21 Jul 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
1.24/edge 165 10 Jul 2022
Ubuntu 22.04 Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
1.23/beta 90 22 Mar 2022
Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
1.23/edge 98 25 Mar 2022
Ubuntu 20.04 Ubuntu 18.04 Ubuntu 16.04
juju deploy kubernetes-control-plane
Show information

Platform:

Ubuntu
24.04 22.04 20.04 18.04 16.04

Learn about configurations >

  • allow-privileged | string

    Default: auto

    Allow kube-apiserver to run in privileged mode. Supported values are "true", "false", and "auto". If "true", kube-apiserver will run in privileged mode by default. If "false", kube-apiserver will never run in privileged mode. If "auto", kube-apiserver will not run in privileged mode by default, unless certain circumstances are discovered

    • gpu hardware is detected on a worker node
    • openstack-integrator successfully related

  • api-extra-args | string

    Space separated list of flags and key=value pairs that will be passed as arguments to kube-apiserver. For example a value like this: runtime-config=batch/v2alpha1=true profiling=true will result in kube-apiserver being run with the following options: --runtime-config=batch/v2alpha1=true --profiling=true

  • audit-policy | string

    Default: apiVersion: audit.k8s.io/v1 kind: Policy rules: # Don't log read-only requests from the apiserver - level: None users: ["system:apiserver"] verbs: ["get", "list", "watch"] # Don't log kube-proxy watches - level: None users: ["system:kube-proxy"] verbs: ["watch"] resources: - resources: ["endpoints", "services"] # Don't log nodes getting their own status - level: None userGroups: ["system:nodes"] verbs: ["get"] resources: - resources: ["nodes"] # Don't log kube-controller-manager and kube-scheduler getting endpoints - level: None users: ["system:unsecured"] namespaces: ["kube-system"] verbs: ["get"] resources: - resources: ["endpoints"] # Log everything else at the Request level. - level: Request omitStages: - RequestReceived

    Audit policy passed to kube-apiserver via --audit-policy-file. For more info, please refer to the upstream documentation at https://kubernetes.io/docs/tasks/debug-application-cluster/audit/

  • audit-webhook-config | string

    Audit webhook config passed to kube-apiserver via --audit-webhook-config-file. For more info, please refer to the upstream documentation at https://kubernetes.io/docs/tasks/debug-application-cluster/audit/

  • authn-webhook-endpoint | string

    Custom endpoint to check when authenticating kube-apiserver requests. This must be an https url accessible by the kubernetes-control-plane units. For example:

    https://your.server:8443/authenticate

    When a JSON-serialized TokenReview object is POSTed to this endpoint, it must respond with appropriate authentication details. For more info, please refer to the upstream documentation at https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication

  • authorization-mode | string

    Default: Node,RBAC

    Comma separated authorization modes. Allowed values are "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".

  • authorization-webhook-config-file | string

    Authorization webhook config passed to kube-apiserver via --authorization-webhook-config-file. For more info, please refer to the upstream documentation at https://kubernetes.io/docs/reference/access-authn-authz/webhook/

  • channel | string

    Default: 1.31/stable

    Snap channel to install Kubernetes control plane services from

  • controller-manager-extra-args | string

    Space separated list of flags and key=value pairs that will be passed as arguments to kube-controller-manager. For example a value like this: runtime-config=batch/v2alpha1=true profiling=true will result in kube-controller-manager being run with the following options: --runtime-config=batch/v2alpha1=true --profiling=true

  • default-cni | string

    Default CNI network to use when multiple CNI subordinates are related.

    The value of this config should be the application name of a related CNI subordinate. For example:

    juju config kubernetes-control-plane default-cni=flannel

    If unspecified, then the default CNI network is chosen alphabetically.

  • default-storage | string

    Default: auto

    The storage class to make the default storage class.

    Setting to "auto" is the same as setting "ceph-xfs"

    Any value is allowed, if it matches the name of a storage class, it alone will be selected as the default storage class for the cluster.

  • dns-provider | string

    Default: auto

    DNS provider addon to use. Can be "auto", "core-dns", or "none".

    CoreDNS is only supported on Kubernetes 1.14+.

    When set to "auto", the behavior is as follows: previously used.

    • New deployments of Kubernetes 1.14+ will use CoreDNS
    • Upgraded deployments will continue to use whichever provider was

  • dns_domain | string

    Default: cluster.local

    The local domain for cluster dns

  • enable-dashboard-addons | boolean

    Default: True

    Deploy the Kubernetes Dashboard

  • enable-metrics | boolean

    Default: True

    If true the metrics server for Kubernetes will be deployed onto the cluster managed entirely by kubernetes addons. Consider disabling this option and deploying kubernetes-metrics-server-operator into a kubernetes model.

  • enable-nvidia-plugin | string

    Default: false

    Deprecation notice: This option is deprecated and may be removed in a future release. If set to anything other than "false", the charm will be blocked with an error message. Consult https://ubuntu.com/kubernetes/docs/gpu-workers to learn how to deploy GPU workers.

  • extra_sans | string

    Space-separated list of extra SAN entries to add to the x509 certificate created for the control plane nodes.

  • ha-cluster-dns | string

    DNS entry to use with the HA Cluster subordinate charm. Mutually exclusive with ha-cluster-vip.

  • ha-cluster-vip | string

    Virtual IP for the charm to use with the HA Cluster subordinate charm Mutually exclusive with ha-cluster-dns. Multiple virtual IPs are separated by spaces.

  • ignore-kube-system-pods | string

    Space separated list of pod names in the kube-system namespace to ignore when checking for running pods. Any non-Running Pod whose name is on this list, will be ignored during the check.

  • image-registry | string

    Default: rocks.canonical.com:443/cdk

    Container image registry to use for CDK. This includes addons like the Kubernetes dashboard, metrics server, ingress, and dns along with non-addon images including the pause container and default backend image.

  • kubelet-extra-args | string

    Space separated list of flags and key=value pairs that will be passed as arguments to kubelet. For example a value like this: runtime-config=batch/v2alpha1=true profiling=true will result in kubelet being run with the following options: --runtime-config=batch/v2alpha1=true --profiling=true Note: As of Kubernetes 1.10.x, many of Kubelet's args have been deprecated, and can be set with kubelet-extra-config instead.

  • kubelet-extra-config | string

    Default: {}

    Extra configuration to be passed to kubelet. Any values specified in this config will be merged into a KubeletConfiguration file that is passed to the kubelet service via the --config flag. This can be used to override values provided by the charm.

    The value for this config must be a YAML mapping that can be safely merged with a KubeletConfiguration file. For example: {evictionHard: {memory.available: 200Mi}}

    For more information about KubeletConfiguration, see upstream docs: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/

  • labels | string

    Default: node-role.kubernetes.io/control-plane=

    Labels can be used to organize and to select subsets of nodes in the cluster. Declare node labels in key=value format, separated by spaces.

  • loadbalancer-ips | string

    Space separated list of IP addresses of loadbalancers in front of the control plane. These can be either virtual IP addresses that have been floated in front of the control plane or the IP of a loadbalancer appliance such as an F5. Currently, workers will only use the first address that is specified.

  • proxy-extra-args | string

    Space separated list of flags and key=value pairs that will be passed as arguments to kube-proxy. For example a value like this: runtime-config=batch/v2alpha1=true profiling=true will result in kube-apiserver being run with the following options: --runtime-config=batch/v2alpha1=true --profiling=true

  • proxy-extra-config | string

    Default: {}

    Extra configuration to be passed to kube-proxy. Any values specified in this config will be merged into a KubeProxyConfiguration file that is passed to the kube-proxy service via the --config flag. This can be used to override values provided by the charm.

    The value for this config must be a YAML mapping that can be safely merged with a KubeProxyConfiguration file. For example: {mode: ipvs, ipvs: {strictARP: true}}

    For more information about KubeProxyConfiguration, see upstream docs: https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/

  • register-with-taints | string

    Default: node-role.kubernetes.io/control-plane:NoSchedule

    Space-separated list of taints to apply to this node at registration time.

    This config is only used at deploy time when Kubelet first registers the node with Kubernetes. To change node taints after deploy time, use kubectl instead.

    For more information, see the upstream Kubernetes documentation about taints: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

  • scheduler-extra-args | string

    Space separated list of flags and key=value pairs that will be passed as arguments to kube-scheduler. For example a value like this: runtime-config=batch/v2alpha1=true profiling=true will result in kube-scheduler being run with the following options: --runtime-config=batch/v2alpha1=true --profiling=true

  • service-cidr | string

    Default: 10.152.183.0/24

    CIDR to use for Kubernetes services. After deployment it is only possible to increase the size of the IP range. It is not possible to change or shrink the address range after deployment.

  • sysctl | string

    Default: {net.ipv4.conf.all.forwarding: 1, net.ipv4.conf.all.rp_filter: 1, net.ipv4.neigh.default.gc_thresh1: 128, net.ipv4.neigh.default.gc_thresh2: 28672, net.ipv4.neigh.default.gc_thresh3: 32768, net.ipv6.neigh.default.gc_thresh1: 128, net.ipv6.neigh.default.gc_thresh2: 28672, net.ipv6.neigh.default.gc_thresh3: 32768, fs.inotify.max_user_instances: 8192, fs.inotify.max_user_watches: 1048576, kernel.panic: 10, kernel.panic_on_oops: 1, vm.overcommit_memory: 1}

    YAML formatted associative array of sysctl values, e.g.: '{kernel.pid_max: 4194303}'. Note that kube-proxy handles the conntrack settings. The proper way to alter them is to use the proxy-extra-args config to set them, e.g.: juju config kubernetes-control-plane proxy-extra-args="conntrack-min=1000000 conntrack-max-per-core=250000" juju config kubernetes-worker proxy-extra-args="conntrack-min=1000000 conntrack-max-per-core=250000" The proxy-extra-args conntrack-min and conntrack-max-per-core can be set to 0 to ignore kube-proxy's settings and use the sysctl settings instead. Note the fundamental difference between the setting of conntrack-max-per-core vs nf_conntrack_max.