Available in editions:  EE

The module is automatically enabled for all cloud clusters deployed in OpenStack.

You can configure the number and parameters of ordering machines in the cloud via the NodeGroup custom resource of the node-manager module. Also, in this custom resource, you can specify the instance class’s name for the above group of nodes (the cloudInstances.ClassReference NodeGroup parameter). In the case of the OpenStack-based cloud provider, the instance class is the OpenStackInstanceClass custom resource that stores specific parameters of the machines.

The module settings are set automatically based on the placement strategy chosen. In most cases, you do not have to configure the module manually.

If you need to configure a module because, say, you have a bare metal cluster and you need to enable additional instances from vSphere, then refer to the How to configure a Hybrid cluster in vSphere section.

Note! If the parameters provided below are changed, the existing Machines are NOT redeployed (new Machines will be created with the updated parameters). Redeployment is only performed when NodeGroup and OpenStackInstanceClass parameters are changed. You can learn more in the node-manager module’s documentation. To authenticate using the user-authn module, you need to create a new Generic application in the project’s Crowd.

List of required OpenStack services

A list of OpenStack services required for Deckhouse Kubernetes Platform to work in OpenStack:

Service API Version
Identity (Keystone) v3
Compute (Nova) v2
Network (Neutron) v2
Block Storage (Cinder) v3
Load Balancing (Octavia) ⃰ v2

⃰  If you need to order a Load Balancer.

To ensure proper integration and functionality, the OpenStack user associated with the Deckhouse Kubernetes Platform should be granted the “member” role. This role assignment is essential to provide the necessary permissions for interacting with the listed services and managing resources within the OpenStack environment.

Settings

The module is configured using the ModuleConfig custom resource named cloud-provider-openstack (learn more about setting up Deckhouse…).

Example of the ModuleConfig/cloud-provider-openstack resource for configuring the module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: cloud-provider-openstack
spec:
  version: 1
  enabled: true
  settings: # <-- Module parameters from the "Parameters" section below.

Parameters

Schema version: 1

  • settings
    object
    • settings.additionalExternalNetworkNames
      array of strings

      Specifies additional networks that can be connected to the VM. cloud-controller-manager uses them to insert ExternalIP to .status.addresses field in the Node API object.

      If you have instances in the cluster that use External Networks (other than those set out in the placement strategy), you must pass them via the additionalExternalNetworkNames parameter.

      Example:

      additionalExternalNetworkNames:
- some-bgp-network
    • settings.connection
      object

      This section contains parameters required to connect to the cloud provider’s API.

      • settings.connection.authURL
        string

        An OpenStack Identity API URL.

      • settings.connection.caCert
        string

        Specify the CA x509 certificate used for signing if the OpenStack API has a self-signed certificate; The certificate must have a PEM format.

      • settings.connection.domainName
        string

        The domain name.

      • settings.connection.password
        string

        The user’s password.

      • settings.connection.region
        string

        The OpenStack region where the cluster will be deployed.

      • settings.connection.tenantID
        string

        The project ID. Cannot be used together with tenantName.

      • settings.connection.tenantName
        string

        The project name.

        Cannot be used together with tenantID.

      • settings.connection.username
        string

        The name of the user that has full project privileges.

    • settings.externalNetworkNames
      array of strings

      Additional networks that are connected to the VM. cloud-controller-manager uses them to insert ExternalIPs into .status.addresses in the Node API object.

      Example:

      externalNetworkNames:
- KUBE-3
- devops-internal
    • settings.ignoreVolumeMicroversion
      boolean

      Setting for backwards compatibility. Enable if the cloud OpenStack version is less than 3.34 and you get error “Version 3.34 is not supported by the API. Minimum is 3.0 and maximum is 3.x” when ordering a PV. This will disable volumes online resize, but will restore ability to order new PVs. (original PR https://github.com/kubernetes/cloud-provider-openstack/pull/1986/)

      Default: false

    • settings.instances
      object

      Instance parameters that are used when creating virtual machines.

      • settings.instances.additionalNetworks
        array of strings

        A list of networks to connect to the instance.

      • settings.instances.imageName
        string

        The name of the image.

      • settings.instances.mainNetwork
        string

        The path to the network that will serve as the primary network (the default gateway) for connecting to the VM.

      • settings.instances.securityGroups
        array of strings

        A list of securityGroups to assign to the provisioned instances. Defines firewall rules for the provisioned instances.

      • settings.instances.sshKeyPairName
        string

        The name of the OpenStack keypair resource; it is used for provisioning instances.

    • settings.internalNetworkNames
      array of strings

      Additional networks that are connected to the VM. cloud-controller-manager uses them to insert InternalIPs into .status.addresses in the Node API object.

      Example:

      internalNetworkNames:
- KUBE-3
- devops-internal
    • settings.loadBalancer
      object

      Load Balancer parameters.

      • settings.loadBalancer.floatingNetworkID
        string

        An ID of the external network for floating IPs.

      • settings.loadBalancer.subnetID
        string

        An ID of the Neutron subnet to create the load balancer virtual IP in.

    • settings.podNetworkMode
      string

      Sets the traffic mode for the network that the pods use to communicate with each other (usually, it is an internal network; however, there can be exceptions):

      • DirectRouting — means that there is a direct routing between the nodes.
      • DirectRoutingWithPortSecurityEnabled — direct routing is enabled between the nodes, but only if the range of addresses of the internal network is explicitly allowed in OpenStack for Ports.
        • Caution! Make sure that the username can edit AllowedAddressPairs on Ports connected to the internalNetworkName network. Generally, an OpenStack user doesn’t have such a privilege if the network has the shared flag set.
      • VXLAN — direct routing between the nodes isn’t available; VXLAN should be used.

      Allowed values: DirectRouting, DirectRoutingWithPortSecurityEnabled, VXLAN

    • settings.storageClass
      object

      The module automatically creates StorageClasses that are available in OpenStack.

      • settings.storageClass.default
        Deprecated
        string

        The name of StorageClass that will be used in the cluster by default.

        If the parameter is omitted, the default StorageClass is either:

        • an arbitrary StorageClass present in the cluster that has the default annotation;
        • the first (in lexicographic order) StorageClass created by the module (in accordance with the order in OpenStack).

        Parameter is deprecated. Instead, use the global parameter global.defaultClusterStorageClass.

        Example:

        default: ceph-ssd
      • settings.storageClass.exclude
        array of strings

        A list of StorageClass names (or regex expressions for names) to exclude from the creation in the cluster.

        Example:

        exclude:
- ".*-hdd"
- iscsi-fast
      • settings.storageClass.topologyEnabled
        boolean

        This feature enables driver to consider the topology constraints while creating the volume. It is used only during volume provisioning, existing PersistentVolumes are not affected.

        Warning. If it is set to false all-new PersistentVolumes are provisioned without topology constraints.

        Default: true

    • settings.tags
      object

      A dictionary of tags that will be available on all provisioned instances.

    • settings.zones
      array of strings

      The default list of zones for provisioning instances. Can be redefined for each NodeGroup individually.