kubernetes master #3

Supports: xenial


Kubernetes is an open-source platform for deploying, scaling, and operating application containers across a cluster of hosts. Kubernetes is portable in that it works with public, private, and hybrid clouds. It is extensible through a pluggable infrastructure, and self-healing in that it will automatically restart and place containers on healthy nodes if a node ever goes away.


Kubernetes is an open source system for managing application containers across a cluster of hosts. The Kubernetes project was started by Google in 2014, combining the experience of running production workloads with best practices from the community.

The Kubernetes project defines some new terms that may be unfamiliar to users or operators. For more information please refer to the concept guide in the getting started guide.

This charm is an encapsulation of the Kubernetes master processes and the operations to run on any cloud for the entire lifecycle of the cluster.

This charm is built from other charm layers using the Juju reactive framework. The other layers each focus on a specific subset of operations, making this layer specific to the operations of the Kubernetes master processes.


This charm is not fully functional when deployed by itself. It requires other charms to model a complete Kubernetes cluster. A Kubernetes cluster needs a distributed key value store such as Etcd and the kubernetes-worker charm which delivers the Kubernetes node services. A cluster requires a Software Defined Network (SDN) and Transport Layer Security (TLS) so the components in a cluster communicate securely.

Please take a look at the Canonical Distribution of Kubernetes or the Kubernetes core bundles for examples of complete models of Kubernetes clusters.


The kubernetes-master charm takes advantage of the Juju Resources feature to deliver the Kubernetes software.

In deployments on public clouds the Charm Store provides the resource to the charm automatically with no user intervention. Some environments with strict firewall rules may not be able to contact the Charm Store. In these network restricted environments the resource can be uploaded to the model by the Juju operator.


This charm supports some configuration options to set up a Kubernetes cluster that works in your environment:


The domain name to use for the Kubernetes cluster for DNS.


Enables the installation of Kubernetes dashboard, Heapster, Grafana, and InfluxDB.


Enable RBAC and Node authorisation.

DNS for the cluster

The DNS add-on allows the pods to have DNS names in addition to IP addresses. The Kubernetes cluster DNS server (based on the SkyDNS library) supports forward lookups (A records), service lookups (SRV records) and reverse IP address lookups (PTR records). More information about the DNS can be obtained from the Kubernetes DNS admin guide.


The kubernetes-master charm models a few one time operations called Juju actions that can be run by Juju users.


This action creates a RADOS Block Device (RBD) in Ceph and defines a Persistent Volume in Kubernetes so the containers can use durable storage. This action requires a relation to the ceph-mon charm before it can create the volume.


This action restarts the master processes kube-apiserver, kube-controller-manager, and kube-scheduler when the user needs a restart.

More information


The kubernetes-master charm is free and open source operations code created by the containers team at Canonical.

Canonical also offers enterprise support and customization services. Please refer to the Kubernetes product page for more details.


(string) Allow kube-apiserver to run in privileged mode. Supported values are "true", "false", and "auto". If "true", kube-apiserver will run in privileged mode by default. If "false", kube-apiserver will never run in privileged mode. If "auto", kube-apiserver will not run in privileged mode by default, but will switch to privileged mode if GPU hardware is detected on a worker node.
(string) Space separated list of flags and key=value pairs that will be passed as arguments to kube-apiserver. For example a value like this: runtime-config=batch/v2alpha1=true profiling=true will result in kube-apiserver being run with the following options: --runtime-config=batch/v2alpha1=true --profiling=true
(string) Comma separated authorization modes. Allowed values are "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
(string) Snap channel to install Kubernetes master services from
(string) Password to be used for admin user (leave empty for random password).
(string) Space separated list of flags and key=value pairs that will be passed as arguments to kube-controller-manager. For example a value like this: runtime-config=batch/v2alpha1=true profiling=true will result in kube-controller-manager being run with the following options: --runtime-config=batch/v2alpha1=true --profiling=true
(string) The local domain for cluster dns
(boolean) Deploy the Kubernetes Dashboard and Heapster addons
(boolean) Deploy kube-dns addon
(boolean) If true the metrics server for Kubernetes will be deployed onto the cluster.
(string) Load the nvidia device plugin daemonset. Supported values are "auto" and "false". When "auto", the daemonset will be loaded only if GPUs are detected. When "false" the nvidia device plugin will not be loaded.
(string) Space-separated list of extra SAN entries to add to the x509 certificate created for the master nodes.
(string) Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
(boolean) When true, master nodes will not be upgraded until the user triggers it manually by running the upgrade action.
(string) Space separated list of flags and key=value pairs that will be passed as arguments to kube-scheduler. For example a value like this: runtime-config=batch/v2alpha1=true profiling=true will result in kube-scheduler being run with the following options: --runtime-config=batch/v2alpha1=true --profiling=true
(string) CIDR to use for Kubernetes services. Cannot be changed after deployment.
(string) HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.
(string) The address of a Snappy Enterprise Proxy to use for snaps e.g. http://snap-proxy.example.com
(string) The storage backend for kube-apiserver persistence. Can be "etcd2", "etcd3", or "auto". Auto mode will select etcd3 on new installations, or etcd2 on upgrades.
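
The extra-arguments, authorization-mode and privileged-mode options described above can be reviewed before they are applied. The following is an added example, not code from the charm: it expands a space-separated value into kube-apiserver flags the way the option text describes and reports a few risky settings. The function names and the review rules are assumptions of this example, and the sample values are constructed.

```python
ALLOWED_MODES = {"RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny", "AlwaysAllow"}
PRIVILEGED_VALUES = {"true", "false", "auto"}


def expand_extra_args(value):
    """'a=b flag' -> ['--a=b', '--flag'], the mapping the option text describes."""
    args = []
    for token in value.split():
        # This example rejects tokens that already carry dashes: the page's
        # format lists bare names, and the '--' prefix is added here.
        if token.startswith("-") or token.startswith("="):
            raise ValueError(f"unexpected token {token!r}")
        # Split on the first '=' only, so 'runtime-config=batch/v2alpha1=true'
        # keeps 'batch/v2alpha1=true' as its value.
        key, sep, val = token.partition("=")
        args.append(f"--{key}{sep}{val}")
    return args


def parse_modes(value):
    """Split the comma-separated mode list; reject values the page does not allow."""
    modes = [m.strip() for m in value.split(",") if m.strip()]
    unknown = sorted(set(modes) - ALLOWED_MODES)
    if unknown:
        raise ValueError(f"unsupported authorization mode(s): {unknown}")
    return modes


def review(extra_args, modes_value, privileged):
    """Return findings for one set of option values (rules chosen for this example)."""
    if privileged not in PRIVILEGED_VALUES:
        raise ValueError(f"unsupported privileged value {privileged!r}")
    findings = []
    flags = dict(a[2:].partition("=")[::2] for a in expand_extra_args(extra_args))
    if flags.get("profiling") == "true":
        findings.append("extra args explicitly enable --profiling")
    modes = parse_modes(modes_value)
    if "AlwaysAllow" in modes:
        findings.append("AlwaysAllow authorizes every request")
    if not {"RBAC", "Node"} <= set(modes):
        findings.append("RBAC and Node are not both enabled")
    if privileged == "true":
        findings.append("kube-apiserver runs in privileged mode by default")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    sample = ("runtime-config=batch/v2alpha1=true profiling=true", "AlwaysAllow", "true")
    for finding in review(*sample):
        print("FINDING:", finding)
```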