This feature is available in Enterprise Edition only.

The module is automatically enabled for all cloud clusters deployed in OpenStack.

You can configure the number and parameters of ordering machines in the cloud via the NodeGroup custom resource of the node-manager module. Also, in this custom resource, you can specify the instance class’s name for the above group of nodes (the cloudInstances.ClassReference NodeGroup parameter). In the case of the OpenStack-based cloud provider, the instance class is the OpenStackInstanceClass custom resource that stores specific parameters of the machines.

The module settings are set automatically based on the placement strategy chosen. In most cases, you do not have to configure the module manually.

If you need to configure a module because, say, you have a bare metal cluster and you need to enable additional instances from vSphere, then refer to the How to configure a Hybrid cluster in vSphere section.

Note! If the parameters provided below are changed, the existing Machines are NOT redeployed (new Machines will be created with the updated parameters). Redeployment is only performed when NodeGroup and OpenStackInstanceClass parameters are changed. You can learn more in the node-manager module’s documentation. To authenticate using the user-authn module, you need to create a new Generic application in the project’s Crowd.

The module is configured using the ModuleConfig custom resource named cloud-provider-openstack (learn more about setting up Deckhouse…).

Example of the ModuleConfig/cloud-provider-openstack resource for configuring the module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: cloud-provider-openstack
spec:
  version: 1
  enabled: true
  settings: # <-- Module parameters from the "Parameters" section below.

Parameters

Schema version: 1

  • additionalExternalNetworkNamesarray of strings

    Specifies additional networks that can be connected to the VM. cloud-controller-manager uses them to insert ExternalIP to .status.addresses field in the Node API object.

    If you have instances in the cluster that use External Networks (other than those set out in the placement strategy), you must pass them via the additionalExternalNetworkNames parameter.

    Example:

    additionalExternalNetworkNames:
- some-bgp-network
  • connectionobject

    This section contains parameters required to connect to the cloud provider’s API.

    • connection.authURLstring

      An OpenStack Identity API URL.

    • connection.caCertstring

      Specify the CA x509 certificate used for signing if the OpenStack API has a self-signed certificate; The certificate must have a PEM format.

    • connection.domainNamestring

      The domain name.

    • connection.passwordstring

      The user’s password.

    • connection.regionstring

      The OpenStack region where the cluster will be deployed.

    • connection.tenantIDstring

      The project ID. Cannot be used together with tenantName.

    • connection.tenantNamestring

      The project name.

      Cannot be used together with tenantID.

    • connection.usernamestring

      The name of the user that has full project privileges.

  • externalNetworkNamesarray of strings

    Additional networks that are connected to the VM. cloud-controller-manager uses them to insert ExternalIPs into .status.addresses in the Node API object.

    Example:

    externalNetworkNames:
- KUBE-3
- devops-internal
  • ignoreVolumeMicroversionboolean

    Setting for backwards compatibility. Enable if the cloud OpenStack version is less than 3.34 and you get error “Version 3.34 is not supported by the API. Minimum is 3.0 and maximum is 3.x” when ordering a PV. This will disable volumes online resize, but will restore ability to order new PVs. (original PR https://github.com/kubernetes/cloud-provider-openstack/pull/1986/)

    Default: false

  • instancesobject

    Instance parameters that are used when creating virtual machines.

    • instances.additionalNetworksarray of strings

      A list of networks to connect to the instance.

    • instances.imageNamestring

      The name of the image.

    • instances.mainNetworkstring

      The path to the network that will serve as the primary network (the default gateway) for connecting to the VM.

    • instances.securityGroupsarray of strings

      A list of securityGroups to assign to the provisioned instances. Defines firewall rules for the provisioned instances.

    • instances.sshKeyPairNamestring

      The name of the OpenStack keypair resource; it is used for provisioning instances.

  • internalNetworkNamesarray of strings

    Additional networks that are connected to the VM. cloud-controller-manager uses them to insert InternalIPs into .status.addresses in the Node API object.

    Example:

    internalNetworkNames:
- KUBE-3
- devops-internal
  • loadBalancerobject

    Load Balancer parameters.

    • loadBalancer.floatingNetworkIDstring

      An ID of the external network for floating IPs.

    • loadBalancer.subnetIDstring

      An ID of the Neutron subnet to create the load balancer virtual IP in.

  • podNetworkModestring

    Sets the traffic mode for the network that the pods use to communicate with each other (usually, it is an internal network; however, there can be exceptions):

    • DirectRouting — means that there is a direct routing between the nodes.
    • DirectRoutingWithPortSecurityEnabled — direct routing is enabled between the nodes, but only if the range of addresses of the internal network is explicitly allowed in OpenStack for Ports.
      • Caution! Make sure that the username can edit AllowedAddressPairs on Ports connected to the internalNetworkName network. Generally, an OpenStack user doesn’t have such a privilege if the network has the shared flag set.
    • VXLAN — direct routing between the nodes isn’t available; VXLAN should be used.

    Allowed values: DirectRouting, DirectRoutingWithPortSecurityEnabled, VXLAN

  • storageClassobject

    The module automatically creates StorageClasses that are available in OpenStack.

    • storageClass.defaultstring

      The name of StorageClass that will be used in the cluster by default.

      If the parameter is omitted, the default StorageClass is either:

      • an arbitrary StorageClass present in the cluster that has the default annotation;
      • the first StorageClass created by the module (in accordance with the order in OpenStack).

      Example:

      default: ceph-ssd
    • storageClass.excludearray of strings

      A list of StorageClass names (or regex expressions for names) to exclude from the creation in the cluster.

      Example:

      exclude:
- ".*-hdd"
- iscsi-fast
    • storageClass.topologyEnabledboolean

      This feature enables driver to consider the topology constraints while creating the volume. It is used only during volume provisioning, existing PersistentVolumes are not affected.

      Note! If it is set to false all-new PersistentVolumes are provisioned without topology constraints.

      Default: true

  • tagsobject

    A dictionary of tags that will be available on all provisioned instances.

  • zonesarray of strings

    The default list of zones for provisioning instances. Can be redefined for each NodeGroup individually.

List of required OpenStack services

A list of OpenStack services required for Deckhouse Kubernetes Platform to work in OpenStack:

Service API Version
Identity (Keystone) v3
Compute (Nova) v2
Network (Neutron) v2
Block Storage (Cinder) v3
Load Balancing (Octavia) ⃰ v2

⃰  If you need to order a Load Balancer.