vendor/k8s.io/kubernetes/cluster/juju/layers/kubernetes-master/config.yaml - cloudstack-kubernetes-provider - Git at Google

 options:
   audit-policy:
     type: string
     default: |
       apiVersion: audit.k8s.io/v1beta1
       kind: Policy
       rules:
       # Don't log read-only requests from the apiserver
       - level: None
         users: ["system:apiserver"]
         verbs: ["get", "list", "watch"]
       # Don't log kube-proxy watches
       - level: None
         users: ["system:kube-proxy"]
         verbs: ["watch"]
         resources:
         - resources: ["endpoints", "services"]
       # Don't log nodes getting their own status
       - level: None
         userGroups: ["system:nodes"]
         verbs: ["get"]
         resources:
         - resources: ["nodes"]
       # Don't log kube-controller-manager and kube-scheduler getting endpoints
       - level: None
         users: ["system:unsecured"]
         namespaces: ["kube-system"]
         verbs: ["get"]
         resources:
         - resources: ["endpoints"]
       # Log everything else at the Request level.
       - level: Request
         omitStages:
         - RequestReceived
     description: |
       Audit policy passed to kube-apiserver via --audit-policy-file.
       For more info, please refer to the upstream documentation at
       https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
   audit-webhook-config:
     type: string
     default: ""
     description: |
       Audit webhook config passed to kube-apiserver via --audit-webhook-config-file.
       For more info, please refer to the upstream documentation at
       https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
   addons-registry:
     type: string
     default: ""
     description: Specify the docker registry to use when applying addons
   enable-dashboard-addons:
     type: boolean
     default: True
     description: Deploy the Kubernetes Dashboard and Heapster addons
   enable-kube-dns:
     type: boolean
     default: True
     description: Deploy kube-dns addon
   dns_domain:
     type: string
     default: cluster.local
     description: The local domain for cluster dns
   extra_sans:
     type: string
     default: ""
     description: |
       Space-separated list of extra SAN entries to add to the x509 certificate
       created for the master nodes.
   service-cidr:
     type: string
     default: 10.152.183.0/24
     description: CIDR to user for Kubernetes services. Cannot be changed after deployment.
   allow-privileged:
     type: string
     default: "auto"
     description: |
       Allow kube-apiserver to run in privileged mode. Supported values are
       "true", "false", and "auto". If "true", kube-apiserver will run in
       privileged mode by default. If "false", kube-apiserver will never run in
       privileged mode. If "auto", kube-apiserver will not run in privileged
       mode by default, but will switch to privileged mode if gpu hardware is
       detected on a worker node.
   enable-nvidia-plugin:
     type: string
     default: "auto"
     description: |
       Load the nvidia device plugin daemonset. Supported values are
       "auto" and "false". When "auto", the daemonset will be loaded
       only if GPUs are detected. When "false" the nvidia device plugin
       will not be loaded.
   channel:
     type: string
     default: "1.11/stable"
     description: |
       Snap channel to install Kubernetes master services from
   client_password:
     type: string
     default: ""
     description: |
       Password to be used for admin user (leave empty for random password).
   api-extra-args:
     type: string
     default: ""
     description: |
       Space separated list of flags and key=value pairs that will be passed as arguments to
       kube-apiserver. For example a value like this:
         runtime-config=batch/v2alpha1=true profiling=true
       will result in kube-apiserver being run with the following options:
         --runtime-config=batch/v2alpha1=true --profiling=true
   controller-manager-extra-args:
     type: string
     default: ""
     description: |
       Space separated list of flags and key=value pairs that will be passed as arguments to
       kube-controller-manager. For example a value like this:
         runtime-config=batch/v2alpha1=true profiling=true
       will result in kube-controller-manager being run with the following options:
         --runtime-config=batch/v2alpha1=true --profiling=true
   scheduler-extra-args:
     type: string
     default: ""
     description: |
       Space separated list of flags and key=value pairs that will be passed as arguments to
       kube-scheduler. For example a value like this:
         runtime-config=batch/v2alpha1=true profiling=true
       will result in kube-scheduler being run with the following options:
         --runtime-config=batch/v2alpha1=true --profiling=true
   authorization-mode:
     type: string
     default: "AlwaysAllow"
     description: |
       Comma separated authorization modes. Allowed values are
       "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
   require-manual-upgrade:
     type: boolean
     default: true
     description: |
       When true, master nodes will not be upgraded until the user triggers
       it manually by running the upgrade action.
   storage-backend:
     type: string
     default: "auto"
     description: |
       The storage backend for kube-apiserver persistence. Can be "etcd2", "etcd3", or
       "auto". Auto mode will select etcd3 on new installations, or etcd2 on upgrades.
   enable-metrics:
     type: boolean
     default: true
     description: |
       If true the metrics server for Kubernetes will be deployed onto the cluster.
   snapd_refresh:
     default: "max"
     type: string
     description: |
       How often snapd handles updates for installed snaps. Setting an empty
       string will check 4x per day. Set to "max" to delay the refresh as long
       as possible. You may also set a custom string as described in the
       'refresh.timer' section here:
         https://forum.snapcraft.io/t/system-options/87
   default-storage:
     type: string
     default: "auto"
     description: |
       The storage class to make the default storage class. Allowed values are "auto",
       "none", "ceph-xfs", "ceph-ext4". Note: Only works in Kubernetes >= 1.10
	options:
	audit-policy:
	type: string
	default: \|
	apiVersion: audit.k8s.io/v1beta1
	kind: Policy
	rules:
	# Don't log read-only requests from the apiserver
	- level: None
	users: ["system:apiserver"]
	verbs: ["get", "list", "watch"]
	# Don't log kube-proxy watches
	- level: None
	users: ["system:kube-proxy"]
	verbs: ["watch"]
	resources:
	- resources: ["endpoints", "services"]
	# Don't log nodes getting their own status
	- level: None
	userGroups: ["system:nodes"]
	verbs: ["get"]
	resources:
	- resources: ["nodes"]
	# Don't log kube-controller-manager and kube-scheduler getting endpoints
	- level: None
	users: ["system:unsecured"]
	namespaces: ["kube-system"]
	verbs: ["get"]
	resources:
	- resources: ["endpoints"]
	# Log everything else at the Request level.
	- level: Request
	omitStages:
	- RequestReceived
	description: \|
	Audit policy passed to kube-apiserver via --audit-policy-file.
	For more info, please refer to the upstream documentation at
	https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
	audit-webhook-config:
	type: string
	default: ""
	description: \|
	Audit webhook config passed to kube-apiserver via --audit-webhook-config-file.
	For more info, please refer to the upstream documentation at
	https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
	addons-registry:
	type: string
	default: ""
	description: Specify the docker registry to use when applying addons
	enable-dashboard-addons:
	type: boolean
	default: True
	description: Deploy the Kubernetes Dashboard and Heapster addons
	enable-kube-dns:
	type: boolean
	default: True
	description: Deploy kube-dns addon
	dns_domain:
	type: string
	default: cluster.local
	description: The local domain for cluster dns
	extra_sans:
	type: string
	default: ""
	description: \|
	Space-separated list of extra SAN entries to add to the x509 certificate
	created for the master nodes.
	service-cidr:
	type: string
	default: 10.152.183.0/24
	description: CIDR to user for Kubernetes services. Cannot be changed after deployment.
	allow-privileged:
	type: string
	default: "auto"
	description: \|
	Allow kube-apiserver to run in privileged mode. Supported values are
	"true", "false", and "auto". If "true", kube-apiserver will run in
	privileged mode by default. If "false", kube-apiserver will never run in
	privileged mode. If "auto", kube-apiserver will not run in privileged
	mode by default, but will switch to privileged mode if gpu hardware is
	detected on a worker node.
	enable-nvidia-plugin:
	type: string
	default: "auto"
	description: \|
	Load the nvidia device plugin daemonset. Supported values are
	"auto" and "false". When "auto", the daemonset will be loaded
	only if GPUs are detected. When "false" the nvidia device plugin
	will not be loaded.
	channel:
	type: string
	default: "1.11/stable"
	description: \|
	Snap channel to install Kubernetes master services from
	client_password:
	type: string
	default: ""
	description: \|
	Password to be used for admin user (leave empty for random password).
	api-extra-args:
	type: string
	default: ""
	description: \|
	Space separated list of flags and key=value pairs that will be passed as arguments to
	kube-apiserver. For example a value like this:
	runtime-config=batch/v2alpha1=true profiling=true
	will result in kube-apiserver being run with the following options:
	--runtime-config=batch/v2alpha1=true --profiling=true
	controller-manager-extra-args:
	type: string
	default: ""
	description: \|
	Space separated list of flags and key=value pairs that will be passed as arguments to
	kube-controller-manager. For example a value like this:
	runtime-config=batch/v2alpha1=true profiling=true
	will result in kube-controller-manager being run with the following options:
	--runtime-config=batch/v2alpha1=true --profiling=true
	scheduler-extra-args:
	type: string
	default: ""
	description: \|
	Space separated list of flags and key=value pairs that will be passed as arguments to
	kube-scheduler. For example a value like this:
	runtime-config=batch/v2alpha1=true profiling=true
	will result in kube-scheduler being run with the following options:
	--runtime-config=batch/v2alpha1=true --profiling=true
	authorization-mode:
	type: string
	default: "AlwaysAllow"
	description: \|
	Comma separated authorization modes. Allowed values are
	"RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
	require-manual-upgrade:
	type: boolean
	default: true
	description: \|
	When true, master nodes will not be upgraded until the user triggers
	it manually by running the upgrade action.
	storage-backend:
	type: string
	default: "auto"
	description: \|
	The storage backend for kube-apiserver persistence. Can be "etcd2", "etcd3", or
	"auto". Auto mode will select etcd3 on new installations, or etcd2 on upgrades.
	enable-metrics:
	type: boolean
	default: true
	description: \|
	If true the metrics server for Kubernetes will be deployed onto the cluster.
	snapd_refresh:
	default: "max"
	type: string
	description: \|
	How often snapd handles updates for installed snaps. Setting an empty
	string will check 4x per day. Set to "max" to delay the refresh as long
	as possible. You may also set a custom string as described in the
	'refresh.timer' section here:
	https://forum.snapcraft.io/t/system-options/87
	default-storage:
	type: string
	default: "auto"
	description: \|
	The storage class to make the default storage class. Allowed values are "auto",
	"none", "ceph-xfs", "ceph-ext4". Note: Only works in Kubernetes >= 1.10