From b5aaaf864d40d9baab1e42c39db7f6324c74400e Mon Sep 17 00:00:00 2001
From: Paul Rey
Date: Mon, 18 May 2020 11:31:36 +0200
Subject: [PATCH] Add additional network configuration options to external Openstack CCM (#6083) (#6085)
* Add additional network configuration options to external Openstack CCM (#6083)
* Change the default version of external openstack cloud controller image to v1.18.1 since there was an issue in v1.18.0 where some IPs of the private network were ignored
* Change Network section in external-openstack-cloud-config.j2 to Networking
* Add networking customization information in the openstack documentation
---
 docs/openstack.md | 10 ++++++++++
 inventory/sample/group_vars/all/openstack.yml | 5 +++++
 .../openstack/defaults/main.yml | 2 +-
 .../templates/external-openstack-cloud-config.j2 | 9 +++++++++
 roles/kubespray-defaults/defaults/main.yaml | 5 +++++
 5 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/docs/openstack.md b/docs/openstack.md
index 031b25788..fc3c1adb1 100644
--- a/docs/openstack.md
+++ b/docs/openstack.md
@@ -95,6 +95,16 @@ The new cloud provider is configured to have Octavia by default in Kubespray.
 - ExpandCSIVolumes=true
 ```
+- If you are in a case of a multi-nic OpenStack VMs (see [kubernetes/cloud-provider-openstack#407](https://github.com/kubernetes/cloud-provider-openstack/issues/407) and [#6083](https://github.com/kubernetes-sigs/kubespray/issues/6083) for explanation), you should override the default OpenStack networking configuration:
+
+ ```yaml
+ external_openstack_network_ipv6_disabled: false
+ external_openstack_network_internal_networks:
+ - ""
+ external_openstack_network_public_networks:
+ - ""
+ ```
+
 - Run the `upgrade-cluster.yml` playbook
 - Run the cleanup playbook located under extra_playbooks `extra_playbooks/migrate_openstack_provider.yml` (this will clean up all resources used by the old cloud provider)
 - You can remove the feature gates for Volume migration. If you want to enable the possibility to expand CSI volumes you could leave the `ExpandCSIVolumes=true` feature gate
diff --git a/inventory/sample/group_vars/all/openstack.yml b/inventory/sample/group_vars/all/openstack.yml
index c4761188f..ca76bb092 100644
--- a/inventory/sample/group_vars/all/openstack.yml
+++ b/inventory/sample/group_vars/all/openstack.yml
@@ -28,6 +28,11 @@
 # external_openstack_lbaas_monitor_max_retries: "3"
 # external_openstack_lbaas_manage_security_groups: false
 # external_openstack_lbaas_internal_lb: false
+# external_openstack_network_ipv6_disabled: false
+# external_openstack_network_internal_networks:
+# - ""
+# external_openstack_network_public_networks:
+# - ""
 ## The tag of the external OpenStack Cloud Controller image
 # external_openstack_cloud_controller_image_tag: "latest"
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
index 4b9aaeb67..441bb2adc 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
@@ -12,4 +12,4 @@ external_openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
 external_openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"
 external_openstack_cacert: "{{ lookup('env','OS_CACERT') }}"
-external_openstack_cloud_controller_image_tag: "v1.18.0"
+external_openstack_cloud_controller_image_tag: "v1.18.1"
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config.j2
index 38260fe7c..d807426a0 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config.j2
@@ -48,3 +48,12 @@ internal-lb={{ external_openstack_lbaas_internal_lb }}
 {% if external_openstack_lbaas_use_octavia is defined and external_openstack_lbaas_use_octavia %}
 lb-provider=octavia
 {% endif %}
+
+[Networking]
+ipv6-support-disabled={{ external_openstack_network_ipv6_disabled | string | lower }}
+{% for network_name in external_openstack_network_internal_networks %}
+internal-network-name="{{ network_name }}"
+{% endfor %}
+{% for network_name in external_openstack_network_public_networks %}
+public-network-name="{{ network_name }}"
+{% endfor %}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 2e19c3e18..f13111eb0 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
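Review bot: In external-openstack-cloud-config.j2 the two added `for` loops write every list entry, including empty ones, so with the `- ""` defaults added in roles/kubespray-defaults/defaults/main.yaml (and repeated in the sample inventory and docs hunks) the rendered `[Networking]` section contains `internal-network-name=""` and `public-network-name=""`. Whether the controller treats an empty name as unset is not visible in this patch; skipping empty entries removes the dependency, e.g. `{% for network_name in external_openstack_network_internal_networks | select %}` and the same for the public list, or the defaults could be `[]`. The names are also written between double quotes without escaping, so a value containing `"` or a line break would change the structure of the generated config file. The values come from inventory, so this is a validation gap rather than an exposure, and a pre-render check that each name is a single line without a quote character would close it. These keys presumably decide which node addresses are reported as internal and which as public, so a malformed or silently ignored entry is worth failing on rather than rendering.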
@@ -351,6 +351,11 @@ external_openstack_lbaas_create_monitor: false
 external_openstack_lbaas_monitor_delay: "1m"
 external_openstack_lbaas_monitor_timeout: "30s"
 external_openstack_lbaas_monitor_max_retries: "3"
+external_openstack_network_ipv6_disabled: false
+external_openstack_network_internal_networks:
+ - ""
+external_openstack_network_public_networks:
+ - ""
 ## List of authorization modes that must be configured for
 ## the k8s cluster. Only 'AlwaysAllow', 'AlwaysDeny', 'Node' and
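Review bot: The three new `external_openstack_network_*` defaults are added without a comment, unlike the `## List of authorization modes` block right after them, so a reader of this file cannot tell what they feed. A line such as `## Networking options rendered into the [Networking] section of the external OpenStack cloud config` above `external_openstack_network_ipv6_disabled` would tie them to the template changed in the same commit. A second comment line should say that the `""` list entries are placeholders to be replaced with network names, since the docs hunk presents them that way. The surrounding block of defaults starts and ends outside this hunk.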