MicroK8s

  • Canonical Kubernetes
Channel Revision Published Runs on
latest/edge 236 09 Jan 2024
Ubuntu 22.04 Ubuntu 20.04
latest/edge 235 09 Jan 2024
Ubuntu 22.04 Ubuntu 20.04
latest/edge 234 09 Jan 2024
Ubuntu 22.04 Ubuntu 20.04
latest/edge 233 09 Jan 2024
Ubuntu 22.04 Ubuntu 20.04
latest/edge 232 09 Jan 2024
Ubuntu 22.04 Ubuntu 20.04
legacy/stable 124 17 Aug 2023
Ubuntu 22.04 Ubuntu 20.04
legacy/stable 121 17 Aug 2023
Ubuntu 22.04 Ubuntu 20.04
legacy/edge 124 10 Aug 2023
Ubuntu 22.04 Ubuntu 20.04
legacy/edge 125 10 Aug 2023
Ubuntu 22.04 Ubuntu 20.04
legacy/edge 123 10 Aug 2023
Ubuntu 22.04 Ubuntu 20.04
legacy/edge 122 10 Aug 2023
Ubuntu 22.04 Ubuntu 20.04
legacy/edge 121 10 Aug 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/stable 213 20 Sep 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/edge 218 19 Sep 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/edge 217 19 Sep 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/edge 216 19 Sep 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/edge 215 19 Sep 2023
Ubuntu 22.04 Ubuntu 20.04
1.28/edge 213 19 Sep 2023
Ubuntu 22.04 Ubuntu 20.04
juju deploy microk8s --channel 1.28/stable
Show information

Learn to deploy on juju >

Platform:

Ubuntu
22.04 20.04

Learn about configurations >

  • automatic_certificate_reissue | boolean

    Default: True

    By default, MicroK8s will automatically regenerate server certificates when the IP address of the host machine changes. This is problematic in scenarios where a bridge is configured on the host and IP addresses on the bridge are changed frequently.

    Set this flag to false if that is the case to prevent MicroK8s from continuously restarting and affecting the service.

    This option is ignored and does not have any effect on multi-node clusters.

  • containerd_custom_registries | string

    Default: []

    Registry endpoints and credentials. Setting this config allows containerd to pull images from registries where auth is required.

    The value for this config must be a JSON array of credential objects, like this: e.g.: [{"url": "https://registry.example.com", "host": "my.registry:port", "username": "user", "password": "pass"}]

    Credential Object Parameters: url: REQUIRED str the URL to the registry, include the port if not it isn't implied from the schema. e.g: "url": "https://my.registry:8443" e.g: "url": "http://my.registry"

    host: OPTIONAL str - defaults to auto-generated from the url could be registry host address or a name e.g.: myregistry.io:9000, 10.10.10.10:5432 e.g.: myregistry.io, myregistry Note: It will be derived from url if not provided. e.g.: "url": "http://10.10.10.10:8000" --> "host": "10.10.10.10:8000"

    username: OPTIONAL str - default '' password: OPTIONAL str - default '' Used by containerd for basic authentication to the registry.

    ca_file: OPTIONAL str - default '' cert_file: OPTIONAL str - default '' key_file: OPTIONAL str - default '' For ssl/tls communication these should be a base64 encoded file e.g.: "ca_file": "'"$(base64 -w 0 < my.custom.registry.pem)"'"

    insecure_skip_verify: OPTIONAL bool - default false For situatations where the registry has self-signed or expired certs and a quick work-around is necessary. e.g.: "insecure_skip_verify": true

    example config) juju config containerd custom_registries='[{ "url": "https://registry.example.com", "ca_file": "'"$(base64 -w 0 < ~/my.custom.ca.pem)"'", "cert_file": "'"$(base64 -w 0 < ~/my.custom.cert.pem)"'", "key_file": "'"$(base64 -w 0 < ~/my.custom.key.pem)"'", }]'

  • containerd_http_proxy | string

    Set an HTTP proxy to be used by containerd to pull images from image registries. This is useful when deploying the charm on a constrained environment.

    Example: "http://squid.internal:3128"

  • containerd_https_proxy | string

    Set an HTTPS proxy to be used by containerd to pull images from image registries. This is useful when deploying the charm on a constrained environment.

    Example: "http://squid.internal:3128"

  • containerd_no_proxy | string

    When configuring an HTTP/HTTPS proxy for containerd, specify the list of IP ranges to exclude.

    Example: "127.0.0.1,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12"

  • extra_sans | string

    Default: %UNIT_PUBLIC_ADDRESS%

    Comma-separated list of extra Subject Alternate Names that will be added to the kube-apiserver certificates. This is useful in cases where the MicroK8s control plane is made accessible over a floating IP or with DNS round-robin load-balancing.

    The list may contain valid IP addresses or hostnames. If %UNIT_PUBLIC_ADDRESS% is in the list, it will be replaced by Juju with the public address of the unit (e.g. the OpenStack floating IP).

    Note that the charm will not configure any DNS records or virtual IPs, these have to be setup by the administrator separately.

    Examples:

    • "" # do nothing
    • "10.10.10.10" # add '10.10.10.10' as a SAN
    • "k8s-1.lan" # add 'k8s-1.lan' as a SAN
    • "10.10.10.10,k8s-1.lan" # add two SANs
    • "%UNIT_PUBLIC_ADDRESS%" # add the public unit address as a SAN

  • hostpath_storage | boolean

    Allow hostpath storage provisioner on the cluster

  • rbac | boolean

    Enable Role-based access control (RBAC) authorization on the cluster

  • role | string

    Role for MicroK8s deployment, one of "", "control-plane" or "worker".

    Set the role to "control-plane" or "" to deploy all units as control plane nodes and form an HA control plane.

    Set the role to "worker" to deploy all units as workers. When deploying workers, the units will remain in waiting status until they are related to a microk8s control plane.

    The charm role cannot and must not be changed after deployment. Doing so will cause the units to go into error state until the change is reverted.