Cloud provider — OpenStack: provider configuration

Required value

Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1

Required value

Allowed values: OpenStackClusterConfiguration

Required value

Required value

• masterNodeGroup.instanceClassobject

  Required value

  Partial contents of the fields of the OpenStackInstanceClass.

  • masterNodeGroup.instanceClass.additionalSecurityGroupsarray of strings

    Security groups that will be applied to VM’s network ports in addition to security groups set in a cloud provider configuration.

    They allow you to set firewall rules for provisioned instances.

    The SecurityGroups may not be supported by the cloud provider.

  • masterNodeGroup.instanceClass.additionalTagsobject

    The additional tags to attach to the instances created (in addition to those specified in the cloud provider configuration).

    Example:

    additionalTags:
      project: cms-production
      severity: critical
    

  • masterNodeGroup.instanceClass.etcdDiskSizeGbinteger

    Etcd disk size in gigabytes.

    Default: 10

    Example:

    etcdDiskSizeGb: 10
    

  • masterNodeGroup.instanceClass.flavorNamestring

    Required value

    Flavor of OpenStack servers.

    Get a list of all available flavors: openstack flavor list.

    For all non-master nodes it is advisable to use flavor’s with a local disk. If cloud provider supports local disks they are usually faster and cheaper. The disadvantage of using such flavors is the inability to migrate nodes between hypervisors.

    Flavor create example: openstack flavor create c4m8d50 --ram 8192 --disk 50 --vcpus 4

  • masterNodeGroup.instanceClass.imageNamestring

    Required value

    Image to use while provisioning OpenStack servers.

    Use this command to get a list of available images: openstack image list.

    Caution! Currently, only Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Centos 7, Centos 8, Centos 9, Debian 9, Debian 10, Debian 11 are supported and tested to work.

  • masterNodeGroup.instanceClass.rootDiskSizeinteger

    The size of a root disk (in gigabytes).

    This parameter also has influence on type of volume that will be used for root disk; the “How to use rootDiskSize and when it is preferred” section describes how to use it.

• masterNodeGroup.replicasinteger

  Required value

  The number of master nodes to create. It is important to have an odd number of masters to ensure a quorum.

  Allowed values: 1 <= X

• masterNodeGroup.volumeTypeMapobject

  Required value

  A dictionary of disk types for storing etcd data and Kubernetes configuration files.

  Format of dictionary elements: <AVAILABILITY ZONE>: <VOLUME TYPE> (see the example).

  If the rootDiskSize parameter is specified, the same disk type will be used for the VM’s boot drive.

  We recommend using the fastest disks provided by the provider in all cases.

  If the value specified in replicas exceeds the number of elements in the dictionary, the master nodes whose number exceeds the length of the dictionary get the values starting from the beginning of the dictionary. For example, if replicas: 5, then master-0, master-2, master-4 will have the fast-eu-1a disk type, while master-1, master-3 will have the fast-eu-1b disk type.

  Useful commands:

  • openstack availability zone list — get list of availability zones.
  • openstack volume type list — get list of volume types.

  Example:

  volumeTypeMap:
    eu-1a: fast-eu-1a
    eu-1b: fast-eu-1b
  

• nodeGroups.instanceClassobject

  Partial contents of the fields of the OpenStackInstanceClass.

  • nodeGroups.instanceClass.additionalNetworksarray of strings

    Paths to networks that VirtualMachines’ secondary NICs will connect to. Get a list of all available networks: openstack network list.

    Example:

    additionalNetworks:
    - BGP-network-VLAN-3894
    - External-VLAN-3699
    

  • nodeGroups.instanceClass.additionalSecurityGroupsarray of strings

    Security groups that will be applied to VM’s network ports in addition to security groups set in a cloud provider configuration.

    They allow you to set firewall rules for provisioned instances.

    The SecurityGroups may not be supported by the cloud provider.

  • nodeGroups.instanceClass.additionalTagsobject

    The additional tags to attach to the instances created (in addition to those specified in the cloud provider configuration).

    Example:

    additionalTags:
      project: cms-production
      severity: critical
    

  • nodeGroups.instanceClass.configDriveboolean

    Not required value.

    Specifies whether an additional disk containing the bootstrapping configuration will be mounted to the node.

    You must set it if DHCP is disabled in the mainNetwork.

    Default: false

  • nodeGroups.instanceClass.flavorNamestring

    Required value

    Flavor of OpenStack servers.

    Get a list of all available flavors: openstack flavor list.

    For all non-master nodes it is advisable to use flavor’s with a local disk. If cloud provider supports local disks they are usually faster and cheaper. The disadvantage of using such flavors is the inability to migrate nodes between hypervisors.

    Flavor create example: openstack flavor create c4m8d50 --ram 8192 --disk 50 --vcpus 4

  • nodeGroups.instanceClass.floatingIPPoolsarray of strings

    A list of networks to assign Floating IPs to nodes.

  • nodeGroups.instanceClass.imageNamestring

    Required value

    Image to use while provisioning OpenStack servers.

    Use this command to get a list of available images: openstack image list.

    Caution! Currently, only Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Centos 7, Centos 8, Centos 9, Debian 9, Debian 10, Debian 11 are supported and tested to work.

  • nodeGroups.instanceClass.mainNetworkstring

    Required value

    Path to the network that VirtualMachines’ primary NICs will connect to (default gateway). Get a list of all available networks: openstack network list.

  • nodeGroups.instanceClass.networksWithSecurityDisabledarray of strings

    A list of mainNetwork and additionalNetworks in which SecurityGroups and AllowedAddressPairs on ports CANNOT be configured.

  • nodeGroups.instanceClass.rootDiskSizeinteger

    The size of a root disk (in gigabytes).

    This parameter also has influence on type of volume that will be used for root disk; the “How to use rootDiskSize and when it is preferred” section describes how to use it.

• nodeGroups.namestring

  The name of the NodeGroup to use for generating node names.

• nodeGroups.nodeTemplate

  Parameters of Node objects in Kubernetes to add after registering the node.

  • nodeGroups.nodeTemplate.annotationsobject

    The same as the metadata.annotations standard field.

    Example:

    annotations:
      ai.fleet.com/discombobulate: "true"
    

  • nodeGroups.nodeTemplate.labelsobject

    A list of labels to attach to cluster resources.

    The same as the metadata.labels standard field.

    Note that you have to re-create all the machines to add new tags if tags were modified in the running cluster.

    Example:

    labels:
      environment: production
      app: warp-drive-ai
    

  • nodeGroups.nodeTemplate.taintsarray of objects

    The same as the .spec.taints field of the Node object.

    Caution! Only the effect, key, values fields are available.

    Example:

    taints:
    - effect: NoExecute
      key: ship-class
      value: frigate
    

    • nodeGroups.nodeTemplate.taints.effectstring

      Allowed values: NoSchedule, PreferNoSchedule, NoExecute

    • nodeGroups.nodeTemplate.taints.keystring
    • nodeGroups.nodeTemplate.taints.valuestring
• nodeGroups.replicasinteger

  The number of nodes to create.

• nodeGroups.volumeTypeMapobject

  A dictionary of disk types for root drive.

  Format of dictionary elements: <AVAILABILITY ZONE>: <VOLUME TYPE> (see the example).

  If the value specified in replicas exceeds the number of elements in the dictionary, the nodes whose number exceeds the length of the dictionary get the values starting from the beginning of the dictionary. For example, if replicas: 5, then worker-0, worker-2, worker-4 will have the fast-eu-1a disk type, while worker-1, worker-3 will have the fast-eu-1b disk type.

  Useful commands:

  • openstack availability zone list — get list of availability zones.
  • openstack volume type list — get list of volume types.

  Example:

  volumeTypeMap:
    eu-1a: fast-eu-1a
    eu-1b: fast-eu-1b
  

• nodeGroups.zonesarray of strings

  Not required value.

  A limited set of zones in which nodes can be created.

Required value

• provider.authURLstring

  An OpenStack Identity API URL.

• provider.caCertstring

  Specify the CA x509 certificate used for signing if the OpenStack API has a self-signed certificate. Certificate should be passed in PEM format as multiline string.

  Example:

  caCert: |
    -----BEGIN CERTIFICATE-----
    MIIFyDCCBLCgAwIBAgIQBwDIWH1asdaKNaALUa4NUzANBgkqhkiG9w0BAQsFADBc
    ...
    -----END CERTIFICATE-----
  

• provider.domainNamestring

  The domain name.

  OS_USER_DOMAIN_NAME variable from the openrc file.

• provider.passwordstring

  The user’s password.

• provider.regionstring

  The OpenStack region where the cluster will be deployed.

• provider.tenantIDstring

  The project id.

  Cannot be used together with tenantName.

• provider.tenantNamestring

  The project name.

  Cannot be used together with tenantID.

• provider.usernamestring

  The name of the user that has full project privileges.

• simple.externalNetworkDHCPboolean

  This parameter defines if DHCP is enabled in the external network.

  Default: true

• simple.externalNetworkNamestring

  Required value

  The name of the network for external connections. Get a list of all available networks: openstack network list.

• simple.podNetworkModestring

  Sets the traffic mode for the network that the pods use to communicate with each other (usually, it is an internal network; however, there can be exceptions):

  • DirectRouting — nodes are directly routed (SecurityGroups are disabled in this mode).
  • VXLAN — direct routing does NOT work between nodes, VXLAN must be used (SecurityGroups are disabled in this mode).

  Caution! After changing this parameter, you need to run dhctl converge.

  Caution! All cluster nodes must be rebooted after switching work mode from/to VXLAN.

  Default: "VXLAN"

  Allowed values: VXLAN, DirectRouting

• simpleWithInternalNetwork.externalNetworkNamestring

  The name of the network for external connections. Get a list of all available networks: openstack network list.

• simpleWithInternalNetwork.internalSubnetNamestring

  Required value

  The name of the subnet in which the cluster nodes will run.

• simpleWithInternalNetwork.masterWithExternalFloatingIPboolean

  Defines if Floating IP must be assigned to master nodes.

  Default: true

• simpleWithInternalNetwork.podNetworkModestring

  Sets the traffic mode for the network that the pods use to communicate with each other (usually, it is an internal network; however, there can be exceptions):

  • DirectRouting — nodes are directly routed (SecurityGroups are disabled in this mode).
  • DirectRoutingWithPortSecurityEnabled — direct routing is enabled between the nodes, but only if the range of addresses of the internal network is explicitly allowed in OpenStack for Ports:
    • Caution! Make sure that the username can edit AllowedAddressPairs on Ports connected to the internalNetworkName network. Usually, an OpenStack user doesn’t have such a privilege if the network has the shared flag set.
  • VXLAN — direct routing does NOT work between nodes, VXLAN must be used (SecurityGroups are disabled in this mode).

  Caution! After changing this parameter, you need to run dhctl converge.

  Caution! All cluster nodes must be rebooted after switching work mode from/to VXLAN.

  Default: "DirectRoutingWithPortSecurityEnabled"

  Allowed values: VXLAN, DirectRouting, DirectRoutingWithPortSecurityEnabled

Required value

• standard.bastionobject

  The definition of the bastion instance.

  • standard.bastion.instanceClassobject

    Partial contents of the fields of the OpenStackInstanceClass.

    • standard.bastion.instanceClass.additionalTagsobject

      The additional tags to attach to the instance created (in addition to those specified in the cloud provider configuration).

      Example:

      additionalTags:
        project: cms-production
        severity: critical
      

    • standard.bastion.instanceClass.flavorNamestring

      Required value

      Flavor of OpenStack servers.

      Get a list of all available flavors: openstack flavor list.

    • standard.bastion.instanceClass.imageNamestring

      Required value

      Image to use while provisioning OpenStack servers.

      Use this command to get a list of available images: openstack image list.

      Caution! Currently, only Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Centos 7, Centos 8, Debian 9, Debian 10, Debian 11 are supported and tested to work.

    • standard.bastion.instanceClass.rootDiskSizeinteger

      The size of a root disk (in gigabytes).

      This parameter also has influence on type of volume that will be used for root disk; the “How to use rootDiskSize and when it is preferred” section describes how to use it.

  • standard.bastion.volumeTypestring

    Root disk type.

  • standard.bastion.zonestring

    The zone to create an instance for the bastion node.

• standard.externalNetworkNamestring

  Required value

  The name of the network for external connections. Get a list of all available networks: openstack network list.

• standard.internalNetworkCIDRstring

  Required value

  Routing for the internal cluster network.

  Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

• standard.internalNetworkDNSServersarray of strings

  Required value

  A list of addresses of the recursive DNSs of the internal cluster network.

  • Element of the arraystring

    Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$

• standard.internalNetworkSecurityboolean

  Defines whether SecurityGroups and AllowedAddressPairs must be configured for ports of the internal network.

  Default: true

• standardWithNoRouter.externalNetworkDHCPboolean

  This parameter defines if DHCP is enabled in the external network.

  Default: true

• standardWithNoRouter.externalNetworkNamestring

  Required value

  The name of the network for external connections. Get a list of all available networks: openstack network list.

• standardWithNoRouter.internalNetworkCIDRstring

  Required value

  Routing for the internal cluster network.

  Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

• standardWithNoRouter.internalNetworkSecurityboolean

  Defines whether SecurityGroups and AllowedAddressPairs must be configured for ports of the internal network.

  Default: true

Not required value.

Not required value.