Skip to content
master-worker control interface for Kubernetes
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

kube-control interface

This interface provides communication between master and workers in a Kubernetes cluster.

Provides (kubernetes-master side)


  • kube-control.connected

    Enabled when a worker has joined the relation.

  • kube-control.gpu.available

    Enabled when any worker has indicated that it is running in gpu mode.

  • kube-control.departed

    Enabled when any worker has indicated that it is leaving the cluster.

  • kube-control.auth.requested

    Enabled when an authentication credential is requested. This state is temporary and will be removed once the units authentication request has been fulfilled.


  • kube_control.set_dns(port, domain, sdn_ip)

    Sends DNS info to the connected worker(s).

  • kube_control.auth_user()

    Returns a list of the requested username and group requested for authentication.

  • kube_control.sign_auth_request(scope, user, kubelet_token, proxy_token, client_token)

    Sends authentication tokens to the unit scope for the requested user and kube-proxy services.

  • kube_control.set_cluster_tag(cluster_tag)

    Sends a tag used to identify resources that are part of the cluster to the connected worker(s).

  • kube_control.flush_departed()

    Returns the unit departing the kube_control relationship so you can do any post removal cleanup. Such as removing authentication tokens for the unit. Invoking this method will also remove the kube-control.departed state

  • kube_control.set_registry_location(registry_location) Sends the container image registry location to the connected worker(s).


def send_dns(kube_control):
    # send port, domain, sdn_ip to the remote side
    kube_control.set_dns(53, "cluster.local", "")

def on_gpu_available(kube_control):
    # The remote side is gpu-enable, handle it somehow
    assert kube_control.get_gpu() == True

def flush_auth_for_departed(kube_control):
    ''' Unit has left the cluster and needs to have its authentication
    tokens removed from the token registry '''
    departing_unit = kube_control.flush_departed()

Requires (kubernetes-worker side)


  • kube-control.connected

    Enabled when a master has joined the relation.

  • kube-control.dns.available

    Enabled when DNS info is available from the master.

  • kube-control.auth.available

    Enabled when authentication credentials are present from the master.

  • kube-control.cluster_tag.available

    Enabled when cluster tag is present from the master.

  • kube-control.registry_location.available

    Enabled when registry location is present from the master.


  • kube_control.get_dns()

    Returns a dictionary of DNS info sent by the master. The keys in the dict are: domain, private-address, sdn-ip, port.

  • kube_control.set_gpu(enabled=True)

    Tell the master that we are gpu-enabled.

  • kube_control.get_auth_credentials(user)

Returns a dict with the users authentication credentials.

  • set_auth_request(kubelet, group='system:nodes')

Issue an authentication request against the master to receive token based auth credentials in return.

  • kube_control.get_cluster_tag()

    Returns the cluster tag provided by the master.

  • kube_control.get_registry_location()

    Returns the container image registry location provided by the master.


def on_dns_available(kube_control):
    # Remote side has sent DNS info
    dns = kube_control.get_dns()

def send_gpu(kube_control):
    # Tell the master that we're gpu-enabled

def display_auth_tokens(kube_control):
    # Remote side has sent auth info
    auth = kube_control.get_auth_credentials('root')

def request_auth_credentials(kube_control):
    # Request an admin user with sudo level access named 'root'
    kube_control.set_auth_request('root', group='system:masters')
You can’t perform that action at this time.