fixed branch and changed values to true

2025-08-14 06:15:45 +00:00 · 2018-06-01 18:03:11 +01:00 · 2018-06-01 18:03:11 +01:00 · 7322f7f137
commit 7322f7f137
parent ccb4acda6a
3 changed files with 19 additions and 7 deletions
--- a/cluster/juju/layers/kubernetes-master/config.yaml
+++ b/cluster/juju/layers/kubernetes-master/config.yaml
@ -23,14 +23,14 @@ options:
    description: CIDR to user for Kubernetes services. Cannot be changed after deployment.
  allow-privileged:
    type: string
-    default: "auto"
+    default: "true"
    description: |
      Allow kube-apiserver to run in privileged mode. Supported values are
      "true", "false", and "auto". If "true", kube-apiserver will run in
      privileged mode by default. If "false", kube-apiserver will never run in
      privileged mode. If "auto", kube-apiserver will not run in privileged
      mode by default, but will switch to privileged mode if gpu hardware is
-      detected on a worker node.
+      detected on a worker node. 
  enable-nvidia-plugin:
    type: string
    default: "auto"
@ -82,6 +82,11 @@ options:
    description: |
      Comma separated authorization modes. Allowed values are
      "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
+  cluster-context:
+    type: string
+    default: ""
+    description: |
+      When specified, the juju model name will be overridden in the kube config. 
  require-manual-upgrade:
    type: boolean
    default: true
--- a/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
+++ b/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py
@ -1000,10 +1000,16 @@ def build_kubeconfig(server):
    if ca_exists and client_pass:
        # Create an absolute path for the kubeconfig file.
        kubeconfig_path = os.path.join(os.sep, 'home', 'ubuntu', 'config')
+        # set context_name based on combination of modelname and userinput
+        context_name =  hookenv.config('cluster-context')
+        if not context_name:
+          context_name = 'cdk-'+os.environ['JUJU_MODEL_NAME'] 
+        else:
+          context_name = 'cdk-'+context_name
        # Create the kubeconfig on this system so users can access the cluster.
-
-        create_kubeconfig(kubeconfig_path, server, ca,
-                          user='admin', password=client_pass)
+        create_kubeconfig(kubeconfig_path, server, ca, user=context_name+'-admin', 
+                          context=context_name+'-context',
+                          cluster=context_name,password=client_pass)
        # Make the config file readable by the ubuntu users so juju scp works.
        cmd = ['chown', 'ubuntu:ubuntu', kubeconfig_path]
        check_call(cmd)
--- a/cluster/juju/layers/kubernetes-worker/config.yaml
+++ b/cluster/juju/layers/kubernetes-worker/config.yaml
@ -13,13 +13,14 @@ options:
      cluster. Declare node labels in key=value format, separated by spaces.
  allow-privileged:
    type: string
-    default: true
+    default: "true"
    description: |
      Allow privileged containers to run on worker nodes. Supported values are
      "true", "false", and "auto". If "true", kubelet will run in privileged
      mode by default. If "false", kubelet will never run in privileged mode.
      If "auto", kubelet will not run in privileged mode by default, but will
-      switch to privileged mode if gpu hardware is detected.
+      switch to privileged mode if gpu hardware is detected. Pod security
+      policies (PSP) should be used to restrict container privileges.
  channel:
    type: string
    default: "1.10/stable"