fixed branch and changed values to true

cluster/juju/layers/kubernetes-master/config.yaml

@@ -23,14 +23,14 @@ options:
     description: CIDR to user for Kubernetes services. Cannot be changed after deployment.
   allow-privileged:
     type: string
-    default: "auto"
+    default: "true"
     description: |
       Allow kube-apiserver to run in privileged mode. Supported values are
       "true", "false", and "auto". If "true", kube-apiserver will run in
       privileged mode by default. If "false", kube-apiserver will never run in
       privileged mode. If "auto", kube-apiserver will not run in privileged
       mode by default, but will switch to privileged mode if gpu hardware is
-      detected on a worker node.
+      detected on a worker node. 
   enable-nvidia-plugin:
     type: string
     default: "auto"
@@ -82,6 +82,11 @@ options:
     description: |
       Comma separated authorization modes. Allowed values are
       "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
+  cluster-context:
+    type: string
+    default: ""
+    description: |
+      When specified, the juju model name will be overridden in the kube config. 
   require-manual-upgrade:
     type: boolean
     default: true

cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py

@@ -1000,10 +1000,16 @@ def build_kubeconfig(server):
     if ca_exists and client_pass:
         # Create an absolute path for the kubeconfig file.
         kubeconfig_path = os.path.join(os.sep, 'home', 'ubuntu', 'config')
+        # set context_name based on combination of modelname and userinput
+        context_name =  hookenv.config('cluster-context')
+        if not context_name:
+          context_name = 'cdk-'+os.environ['JUJU_MODEL_NAME'] 
+        else:
+          context_name = 'cdk-'+context_name
         # Create the kubeconfig on this system so users can access the cluster.
-
+        create_kubeconfig(kubeconfig_path, server, ca, user=context_name+'-admin', 
-        create_kubeconfig(kubeconfig_path, server, ca,
+                          context=context_name+'-context',
-                          user='admin', password=client_pass)
+                          cluster=context_name,password=client_pass)
         # Make the config file readable by the ubuntu users so juju scp works.
         cmd = ['chown', 'ubuntu:ubuntu', kubeconfig_path]
         check_call(cmd)

cluster/juju/layers/kubernetes-worker/config.yaml

@@ -13,13 +13,14 @@ options:
       cluster. Declare node labels in key=value format, separated by spaces.
   allow-privileged:
     type: string
-    default: true
+    default: "true"
     description: |
       Allow privileged containers to run on worker nodes. Supported values are
       "true", "false", and "auto". If "true", kubelet will run in privileged
       mode by default. If "false", kubelet will never run in privileged mode.
       If "auto", kubelet will not run in privileged mode by default, but will
-      switch to privileged mode if gpu hardware is detected.
+      switch to privileged mode if gpu hardware is detected. Pod security
+      policies (PSP) should be used to restrict container privileges.
   channel:
     type: string
     default: "1.10/stable"