Charmed-Kubernetes/kubernetes-worker/config.yaml

"options":
  "extra_packages":
    "description": >
      Space separated list of extra deb packages to install.      
    "type": "string"
    "default": ""
  "package_status":
    "default": "install"
    "type": "string"
    "description": >
      The status of service-affecting packages will be set to this
      value in the dpkg database. Valid values are "install" and "hold".      
  "install_sources":
    "description": >
      List of extra apt sources, per charm-helpers standard
      format (a yaml list of strings encoded as a string). Each source
      may be either a line that can be added directly to
      sources.list(5), or in the form ppa:<user>/<ppa-name> for adding
      Personal Package Archives, or a distribution component to enable.      
    "type": "string"
    "default": ""
  "install_keys":
    "description": >
      List of signing keys for install_sources package sources, per
      charmhelpers standard format (a yaml list of strings encoded as
      a string). The keys should be the full ASCII armoured GPG public
      keys. While GPG key ids are also supported and looked up on a
      keyserver, operators should be aware that this mechanism is
      insecure. null can be used if a standard package signing key is
      used that will already be installed on the machine, and for PPA
      sources where the package signing key is securely retrieved from
      Launchpad.      
    "type": "string"
    "default": ""
  "snapd_refresh":
    "default": "max"
    "type": "string"
    "description": |
      How often snapd handles updates for installed snaps. Setting an empty
      string will check 4x per day. Set to "max" to delay the refresh as long
      as possible. You may also set a custom string as described in the
      'refresh.timer' section here:
        https://forum.snapcraft.io/t/system-options/87      
  "nagios_context":
    "default": "juju"
    "type": "string"
    "description": |
      Used by the nrpe subordinate charms.
      A string that will be prepended to instance name to set the host name
      in nagios. So for instance the hostname would be something like:
          juju-myservice-0
      If you're running multiple environments with the same services in them
      this allows you to differentiate between them.      
  "nagios_servicegroups":
    "default": ""
    "type": "string"
    "description": |
      A comma-separated list of nagios servicegroups.
      If left empty, the nagios_context will be used as the servicegroup      
  "sysctl":
    "type": "string"
    "default": "{net.ipv4.conf.all.forwarding: 1, net.ipv4.conf.all.rp_filter: 1,\
      \ net.ipv4.neigh.default.gc_thresh1: 128, net.ipv4.neigh.default.gc_thresh2:\
      \ 28672, net.ipv4.neigh.default.gc_thresh3: 32768, net.ipv6.neigh.default.gc_thresh1:\
      \ 128, net.ipv6.neigh.default.gc_thresh2: 28672, net.ipv6.neigh.default.gc_thresh3:\
      \ 32768, fs.inotify.max_user_instances: 8192, fs.inotify.max_user_watches: 1048576,\
      \ kernel.panic: 10, kernel.panic_on_oops: 1, vm.overcommit_memory: 1}"
    "description": |
      YAML formatted associative array of sysctl values, e.g.:
      '{kernel.pid_max: 4194303}'. Note that kube-proxy handles
      the conntrack settings. The proper way to alter them is to
      use the proxy-extra-args config to set them, e.g.:
        juju config kubernetes-control-plane proxy-extra-args="conntrack-min=1000000 conntrack-max-per-core=250000"
        juju config kubernetes-worker proxy-extra-args="conntrack-min=1000000 conntrack-max-per-core=250000"
      The proxy-extra-args conntrack-min and conntrack-max-per-core can be set to 0 to ignore
      kube-proxy's settings and use the sysctl settings instead. Note the fundamental difference between
      the setting of conntrack-max-per-core vs nf_conntrack_max.      
  "proxy-extra-args":
    "type": "string"
    "default": ""
    "description": |
      Space separated list of flags and key=value pairs that will be passed as arguments to
      kube-proxy. For example a value like this:
        runtime-config=batch/v2alpha1=true profiling=true
      will result in kube-apiserver being run with the following options:
        --runtime-config=batch/v2alpha1=true --profiling=true      
  "kubelet-extra-args":
    "type": "string"
    "default": ""
    "description": |
      Space separated list of flags and key=value pairs that will be passed as arguments to
      kubelet. For example a value like this:
        runtime-config=batch/v2alpha1=true profiling=true
      will result in kubelet being run with the following options:
        --runtime-config=batch/v2alpha1=true --profiling=true
      Note: As of Kubernetes 1.10.x, many of Kubelet's args have been deprecated, and can
      be set with kubelet-extra-config instead.      
  "kubelet-extra-config":
    "default": "{}"
    "type": "string"
    "description": |
      Extra configuration to be passed to kubelet. Any values specified in this
      config will be merged into a KubeletConfiguration file that is passed to
      the kubelet service via the --config flag. This can be used to override
      values provided by the charm.

      Requires Kubernetes 1.10+.

      The value for this config must be a YAML mapping that can be safely
      merged with a KubeletConfiguration file. For example:
        {evictionHard: {memory.available: 200Mi}}

      For more information about KubeletConfiguration, see upstream docs:
      https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/      
  "labels":
    "type": "string"
    "default": ""
    "description": |
      Labels can be used to organize and to select subsets of nodes in the
      cluster. Declare node labels in key=value format, separated by spaces.      
  "ingress":
    "type": "boolean"
    "default": !!bool "true"
    "description": |
      Deploy the default http backend and ingress controller to handle
      ingress requests.

      Set to false if deploying an alternate ingress controller, and note
      that you may need to manually open ports 80 and 443 on the nodes:
        juju run --application kubernetes-worker -- open-port 80 && open-port 443      
  "channel":
    "type": "string"
    "default": "1.24/stable"
    "description": |
      Snap channel to install Kubernetes worker services from      
  "require-manual-upgrade":
    "type": "boolean"
    "default": !!bool "true"
    "description": |
      When true, worker services will not be upgraded until the user triggers
      it manually by running the upgrade action.      
  "ingress-default-ssl-certificate":
    "type": "string"
    "default": ""
    "description": |
      SSL certificate to be used by the default HTTPS server. If one of the
      flag ingress-default-ssl-certificate or ingress-default-ssl-key is not
      provided ingress will use a self-signed certificate. This parameter is
      specific to nginx-ingress-controller.      
  "ingress-default-ssl-key":
    "type": "string"
    "default": ""
    "description": |
      Private key to be used by the default HTTPS server. If one of the flag
      ingress-default-ssl-certificate or ingress-default-ssl-key is not
      provided ingress will use a self-signed certificate. This parameter is
      specific to nginx-ingress-controller.      
  "ingress-ssl-passthrough":
    "type": "boolean"
    "default": !!bool "false"
    "description": |
      Enable ssl passthrough on ingress server. This allows passing the ssl
      connection through to the workloads and not terminating it at the ingress
      controller.      
  "ingress-ssl-chain-completion":
    "type": "boolean"
    "default": !!bool "false"
    "description": |
      Enable chain completion for TLS certificates used by the nginx ingress
      controller.  Set this to true if you would like the ingress controller
      to attempt auto-retrieval of intermediate certificates.  The default
      (false) is recommended for all production kubernetes installations, and
      any environment which does not have outbound Internet access.      
  "ingress-use-forwarded-headers":
    "type": "boolean"
    "default": !!bool "false"
    "description": |
      If true, NGINX passes the incoming X-Forwarded-* headers to upstreams. Use this
      option when NGINX is behind another L7 proxy / load balancer that is setting
      these headers.

      If false, NGINX ignores incoming X-Forwarded-* headers, filling them with the
      request information it sees. Use this option if NGINX is exposed directly to
      the internet, or it's behind a L3/packet-based load balancer that doesn't alter
      the source IP in the packets.

      Reference: https://github.com/kubernetes/ingress-nginx/blob/a9c706be12a8be418c49ab1f60a02f52f9b14e55/
      docs/user-guide/nginx-configuration/configmap.md#use-forwarded-headers.      
  "nginx-image":
    "type": "string"
    "default": "auto"
    "description": |
      Docker image to use for the nginx ingress controller. Using "auto" will select
      an image based on architecture.

      Example:
        quay.io/kubernetes-ingress-controller/nginx-ingress-controller-amd64:0.32.0      
  "default-backend-image":
    "type": "string"
    "default": "auto"
    "description": |
      Docker image to use for the default backend. Auto will select an image
      based on architecture.