Configuration Options
An example MachineDeployment can be found here:
examples/openstack-machinedeployment.yaml
Sample machinedeployment.yaml
apiVersion: v1
kind: Secret
metadata:
# If you change the namespace/name, you must also
# adjust the rbac rules
name: machine-controller-openstack
namespace: kube-system
type: Opaque
stringData:
identityEndpoint: << OS_AUTH_URL >>
username: << OS_USERNAME >>
password: << OS_PASSWORD >>
domainName: << OS_DOMAIN_NAME >>
tenantName: << OS_TENANT_NAME >>
tenantID: << OS_TENANT_ID >>
projectName: << OS_PROJECT_NAME >>
projectID: << OS_PROJECT_ID >>
region: << OS_REGION_NAME >>
instanceReadyCheckPeriod: << INSTANCE_READY_CHECK_PERIOD >>
instanceReadyCheckTimeout: << INSTANCE_READY_TIMEOUT >>
---
apiVersion: v1
kind: ConfigMap
metadata:
name: machine-controller
namespace: kube-system
data:
securityGroup: external-ssh
---
apiVersion: "cluster.k8s.io/v1alpha1"
kind: MachineDeployment
metadata:
name: openstack-machinedeployment
namespace: kube-system
spec:
paused: false
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
minReadySeconds: 0
selector:
matchLabels:
foo: bar
template:
metadata:
labels:
foo: bar
spec:
providerSpec:
value:
sshPublicKeys:
- "<< YOUR_PUBLIC_KEY >>"
cloudProvider: "openstack"
cloudProviderSpec:
# If empty, can be set via OS_AUTH_URL env var
identityEndpoint:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: identityEndpoint
# If empty, can be set via OS_APPLICATION_CREDENTIAL_ID env var
applicationCredentialID:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: applicationCredentialID
# If empty, can be set via OS_APPLICATION_CREDENTIAL_SECRET env var
applicationCredentialSecret:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: applicationCredentialSecret
# If empty, can be set via OS_USER_NAME env var
username:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: username
# If empty, can be set via OS_PASSWORD env var
password:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: password
# If empty, can be set via OS_DOMAIN_NAME env var
domainName:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: domainName
# --- WARN: You should define either projectName or tenantName. if both are defined, tenantName is ignored ---
# If empty, can be set via OS_PROJECT_NAME env var
projectName:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: projectName
# If empty, can be set via OS_TENANT_NAME env var
tenantName:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: tenantName
# --- WARN: You should define either projectID or tenantID. if both are defined, tenantID is ignored ---
# If empty, can be set via OS_PROJECT_ID env var
projectID:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: projectID
# If empty, can be set via OS_TENANT_ID env var
tenantID:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: tenantID
# Only required if there is more than one region to choose from
region:
secretKeyRef:
namespace: kube-system
name: machine-controller-openstack
key: region
computeAPIVersion: "2.67"
image: "Ubuntu 18.04 amd64"
flavor: "m1.small"
# UUID of the server group
# used to configure affinity or anti-affinity of the VM instances relative to hypervisor
serverGroup: ""
securityGroups:
- configMapKeyRef:
namespace: kube-system
name: machine-controller
key: securityGroup
# The machine won't get a floating ip if you leave this empty
floatingIpPool: "ext-net"
# Only required if there is more than one AZ to choose from
availabilityZone: ""
# Only required if there is more than one network available
network: ""
# Only required if the network has more than one subnet
subnet: ""
# Optional, if set, the rootDisk will be a volume. If not, the rootDisk
# will be on ephemeral storage and its size will be derived from the flavor
rootDiskSizeGB: 20
# Optional, only applied if rootDiskSizeGB is set.
# Sets the volume type of the root disk.
rootDiskVolumeType: ""
# the list of metadata you would like to attach to the instance
tags:
tagKey: tagValue
operatingSystem: "ubuntu"
operatingSystemSpec:
distUpgradeOnBoot: true
disableAutoUpdate: true
# 'rhelSubscriptionManagerUser' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_USER`
rhelSubscriptionManagerUser: "<< RHEL_SUBSCRIPTION_MANAGER_USER >>"
# 'rhelSubscriptionManagerPassword' is only used for rhel os and can be set via env var `RHEL_SUBSCRIPTION_MANAGER_PASSWORD`
rhelSubscriptionManagerPassword: "<< RHEL_SUBSCRIPTION_MANAGER_PASSWORD >>"
# 'rhsmOfflineToken' if it was provided red hat systems subscriptions will be removed upon machines deletions, and if wasn't
# provided the rhsm will be disabled and any created subscription won't be removed automatically
rhsmOfflineToken: "<< REDHAT_SUBSCRIPTIONS_OFFLINE_TOKEN >>"
versions:
kubelet: 1.33.4
Provider configuration
The OpenStack provider accepts the following configuration parameters:
# identity endpoint of your openstack installation
identityEndpoint: ""
# application Credential ID and Secret can be used in place of username, password, tenantName/tenantID, and domainName.
# application credentials ID
applicationCredentialID: ""
# application credentials secret
applicationCredentialSecret: ""
# your openstack username
username: ""
# your openstack password
password: ""
# the openstack domain
domainName: "default"
# project name
projectName: ""
# project id
projectID: ""
# tenant name (deprecated, should use projectName)
tenantName: ""
# tenant Id (deprecated, should use projectID)
tenantID: ""
# image to use
image: "Ubuntu 24.04"
# instance flavor
flavor: ""
# UUID of the server group
# used to configure affinity or anti-affinity of the VM instances relative to hypervisor
serverGroup: ""
# additional security groups.
# a default security group will be created for node-to-node communication
securityGroups:
- "external-ssh"
# the name of the subnet to use
subnet: ""
# the floating IP pool to use. When set a floating IP will be assigned to the instance
floatingIpPool: ""
# the availability zone to create the instance in
availabilityZone: ""
# the region to operate in
region: ""
# the name of the network to use
network: ""
# compute microversion
computeAPIVersion: ""
# set trust-device-path flag for kubelet
trustDevicePath: false
# Optional, if set, the rootDisk will be a volume. If not, the rootDisk
# will be on ephemeral storage and its size will be derived from the flavor
rootDiskSizeGB: 50
# Optional, only applied if rootDiskSizeGB is set.
# Sets the volume type of the root disk.
rootDiskVolumeType: ""
# set node-volume-attach-limit flag for cloud-config
nodeVolumeAttachLimit: 20
# the list of tags you would like to attach to the instance
tags:
tagKey: tagValue
Multiple Networks
Instances can be attached to multiple networks by specifying a list under the networks key.
networks:
- core-network
- secondary-network
The first entry in the list is treated as the primary network, which is used for associating Floating IPs.
Alternatively, you can configure it like this:
network: core-network
networks:
- secondary-network
Upload supported images to OpenStack
There is a script in the machine-controller repository to upload all supported
images to OpenStack.
./hack/setup-openstack-images.sh
By default all images will be named machine-controller-${OS_NAME}. The image
names can be overwritten using environment variables:
UBUNTU_IMAGE_NAME="ubuntu" ./hack/setup-openstack-images.sh