k3s/cluster/juju/layers/kubernetes-master/config.yaml

options:
  audit-policy:
    type: string
    default: |
      apiVersion: audit.k8s.io/v1beta1
      kind: Policy
      rules:
      # Don't log read-only requests from the apiserver
      - level: None
        users: ["system:apiserver"]
        verbs: ["get", "list", "watch"]
      # Don't log kube-proxy watches
      - level: None
        users: ["system:kube-proxy"]
        verbs: ["watch"]
        resources:
        - resources: ["endpoints", "services"]
      # Don't log nodes getting their own status
      - level: None
        userGroups: ["system:nodes"]
        verbs: ["get"]
        resources:
        - resources: ["nodes"]
      # Don't log kube-controller-manager and kube-scheduler getting endpoints
      - level: None
        users: ["system:unsecured"]
        namespaces: ["kube-system"]
        verbs: ["get"]
        resources:
        - resources: ["endpoints"]
      # Log everything else at the Request level.
      - level: Request
        omitStages:
        - RequestReceived      
    description: |
      Audit policy passed to kube-apiserver via --audit-policy-file.
      For more info, please refer to the upstream documentation at
      https://kubernetes.io/docs/tasks/debug-application-cluster/audit/      
  audit-webhook-config:
    type: string
    default: ""
    description: |
      Audit webhook config passed to kube-apiserver via --audit-webhook-config-file.
      For more info, please refer to the upstream documentation at
      https://kubernetes.io/docs/tasks/debug-application-cluster/audit/      
  addons-registry:
    type: string
    default: ""
    description: Specify the docker registry to use when applying addons
  enable-dashboard-addons:
    type: boolean
    default: True
    description: Deploy the Kubernetes Dashboard and Heapster addons
  enable-kube-dns:
    type: boolean
    default: True
    description: Deploy kube-dns addon
  dns_domain:
    type: string
    default: cluster.local
    description: The local domain for cluster dns
  extra_sans:
    type: string
    default: ""
    description: |
      Space-separated list of extra SAN entries to add to the x509 certificate
      created for the master nodes.      
  service-cidr:
    type: string
    default: 10.152.183.0/24
    description: CIDR to user for Kubernetes services. Cannot be changed after deployment.
  allow-privileged:
    type: string
    default: "auto"
    description: |
      Allow kube-apiserver to run in privileged mode. Supported values are
      "true", "false", and "auto". If "true", kube-apiserver will run in
      privileged mode by default. If "false", kube-apiserver will never run in
      privileged mode. If "auto", kube-apiserver will not run in privileged
      mode by default, but will switch to privileged mode if gpu hardware is
      detected on a worker node.      
  enable-nvidia-plugin:
    type: string
    default: "auto"
    description: |
      Load the nvidia device plugin daemonset. Supported values are
      "auto" and "false". When "auto", the daemonset will be loaded
      only if GPUs are detected. When "false" the nvidia device plugin
      will not be loaded.      
  channel:
    type: string
    default: "1.11/stable"
    description: |
      Snap channel to install Kubernetes master services from      
  client_password:
    type: string
    default: ""
    description: |
      Password to be used for admin user (leave empty for random password).      
  api-extra-args:
    type: string
    default: ""
    description: |
      Space separated list of flags and key=value pairs that will be passed as arguments to
      kube-apiserver. For example a value like this:
        runtime-config=batch/v2alpha1=true profiling=true
      will result in kube-apiserver being run with the following options:
        --runtime-config=batch/v2alpha1=true --profiling=true      
  controller-manager-extra-args:
    type: string
    default: ""
    description: |
      Space separated list of flags and key=value pairs that will be passed as arguments to
      kube-controller-manager. For example a value like this:
        runtime-config=batch/v2alpha1=true profiling=true
      will result in kube-controller-manager being run with the following options:
        --runtime-config=batch/v2alpha1=true --profiling=true      
  scheduler-extra-args:
    type: string
    default: ""
    description: |
      Space separated list of flags and key=value pairs that will be passed as arguments to
      kube-scheduler. For example a value like this:
        runtime-config=batch/v2alpha1=true profiling=true
      will result in kube-scheduler being run with the following options:
        --runtime-config=batch/v2alpha1=true --profiling=true      
  authorization-mode:
    type: string
    default: "AlwaysAllow"
    description: |
      Comma separated authorization modes. Allowed values are
      "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".      
  require-manual-upgrade:
    type: boolean
    default: true
    description: |
      When true, master nodes will not be upgraded until the user triggers
      it manually by running the upgrade action.      
  storage-backend:
    type: string
    default: "auto"
    description: |
      The storage backend for kube-apiserver persistence. Can be "etcd2", "etcd3", or
      "auto". Auto mode will select etcd3 on new installations, or etcd2 on upgrades.      
  enable-metrics:
    type: boolean
    default: true
    description: |
      If true the metrics server for Kubernetes will be deployed onto the cluster.      
  default-storage:
    type: string
    default: "auto"
    description: |
      The storage class to make the default storage class. Allowed values are "auto",
      "none", "ceph-xfs", "ceph-ext4". Note: Only works in Kubernetes >= 1.10