-
Notifications
You must be signed in to change notification settings - Fork 27
/
config.yaml
136 lines (129 loc) · 6.4 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
options:
channel:
type: string
default: "latest/edge"
description: |
Snap channel to install Kubernetes worker services from
ingress:
type: boolean
default: true
description: |
Deploy nginx-ingress-controller to handle Ingress resources. When set to
true, the unit will open ports 80 and 443 to make the nginx-ingress-controller
endpoint accessible.
ingress-default-ssl-certificate:
type: string
default: ""
description: |
SSL certificate to be used by the default HTTPS server. If one of the
flag ingress-default-ssl-certificate or ingress-default-ssl-key is not
provided ingress will use a self-signed certificate. This parameter is
specific to nginx-ingress-controller.
ingress-default-ssl-key:
type: string
default: ""
description: |
Private key to be used by the default HTTPS server. If one of the flag
ingress-default-ssl-certificate or ingress-default-ssl-key is not
provided ingress will use a self-signed certificate. This parameter is
specific to nginx-ingress-controller.
ingress-ssl-chain-completion:
type: boolean
default: false
description: |
Enable chain completion for TLS certificates used by the nginx ingress
controller. Set this to true if you would like the ingress controller
to attempt auto-retrieval of intermediate certificates. The default
(false) is recommended for all production kubernetes installations, and
any environment which does not have outbound Internet access.
ingress-ssl-passthrough:
type: boolean
default: false
description: |
Enable ssl passthrough on ingress server. This allows passing the ssl
connection through to the workloads and not terminating it at the ingress
controller.
ingress-use-forwarded-headers:
type: boolean
default: false
description: |
If true, NGINX passes the incoming X-Forwarded-* headers to upstreams. Use this
option when NGINX is behind another L7 proxy / load balancer that is setting
these headers.
If false, NGINX ignores incoming X-Forwarded-* headers, filling them with the
request information it sees. Use this option if NGINX is exposed directly to
the internet, or it's behind a L3/packet-based load balancer that doesn't alter
the source IP in the packets.
Reference: https://github.com/kubernetes/ingress-nginx/blob/a9c706be12a8be418c49ab1f60a02f52f9b14e55/
docs/user-guide/nginx-configuration/configmap.md#use-forwarded-headers.
kubelet-extra-args:
type: string
default: ""
description: |
Space separated list of flags and key=value pairs that will be passed as arguments to
kubelet. For example a value like this:
runtime-config=batch/v2alpha1=true profiling=true
will result in kubelet being run with the following options:
--runtime-config=batch/v2alpha1=true --profiling=true
kubelet-extra-config:
default: "{}"
type: string
description: |
Extra configuration to be passed to kubelet. Any values specified in this
config will be merged into a KubeletConfiguration file that is passed to
the kubelet service via the --config flag. This can be used to override
values provided by the charm.
The value for this config must be a YAML mapping that can be safely
merged with a KubeletConfiguration file. For example:
{evictionHard: {memory.available: 200Mi}}
For more information about KubeletConfiguration, see upstream docs:
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/
labels:
type: string
default: ""
description: |
Labels can be used to organize and to select subsets of nodes in the
cluster. Declare node labels in key=value format, separated by spaces.
nginx-image:
type: string
default: "auto"
description: |
Container image to use for the nginx ingress controller. Using "auto" will select
an image based on architecture.
Example:
quay.io/kubernetes-ingress-controller/nginx-ingress-controller-amd64:0.32.0
proxy-extra-args:
type: string
default: ""
description: |
Space separated list of flags and key=value pairs that will be passed as arguments to
kube-proxy. For example a value like this:
runtime-config=batch/v2alpha1=true profiling=true
will result in kube-apiserver being run with the following options:
--runtime-config=batch/v2alpha1=true --profiling=true
proxy-extra-config:
default: "{}"
type: string
description: |
Extra configuration to be passed to kube-proxy. Any values specified in
this config will be merged into a KubeProxyConfiguration file that is
passed to the kube-proxy service via the --config flag. This can be used
to override values provided by the charm.
The value for this config must be a YAML mapping that can be safely
merged with a KubeProxyConfiguration file. For example:
{mode: ipvs, ipvs: {strictARP: true}}
For more information about KubeProxyConfiguration, see upstream docs:
https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/
sysctl:
type: string
default: "{net.ipv4.conf.all.forwarding: 1, net.ipv4.conf.all.rp_filter: 1, net.ipv4.neigh.default.gc_thresh1: 128, net.ipv4.neigh.default.gc_thresh2: 28672, net.ipv4.neigh.default.gc_thresh3: 32768, net.ipv6.neigh.default.gc_thresh1: 128, net.ipv6.neigh.default.gc_thresh2: 28672, net.ipv6.neigh.default.gc_thresh3: 32768, fs.inotify.max_user_instances: 8192, fs.inotify.max_user_watches: 1048576, kernel.panic: 10, kernel.panic_on_oops: 1, vm.overcommit_memory: 1}"
description: |
YAML formatted associative array of sysctl values, e.g.:
'{kernel.pid_max: 4194303}'. Note that kube-proxy handles
the conntrack settings. The proper way to alter them is to
use the proxy-extra-args config to set them, e.g.:
juju config kubernetes-control-plane proxy-extra-args="conntrack-min=1000000 conntrack-max-per-core=250000"
juju config kubernetes-worker proxy-extra-args="conntrack-min=1000000 conntrack-max-per-core=250000"
The proxy-extra-args conntrack-min and conntrack-max-per-core can be set to 0 to ignore
kube-proxy's settings and use the sysctl settings instead. Note the fundamental difference between
the setting of conntrack-max-per-core vs nf_conntrack_max.