OpenStack#

k0rdent can deploy child clusters on OpenStack virtual machines. Follow these steps to configure and deploy OpenStack clusters for your users:

Install k0rdent

Follow the instructions in Install k0rdent to create a management cluster with k0rdent running.
OpenStack CLI (optional)

If you plan to access OpenStack directly, go ahead and install the OpenStack CLI.
Configure the OpenStack Application Credential

The exported list of variables should include:
```
OS_AUTH_URL
OS_APPLICATION_CREDENTIAL_ID
OS_APPLICATION_CREDENTIAL_SECRET
OS_REGION_NAME
OS_INTERFACE
OS_IDENTITY_API_VERSION
OS_AUTH_TYPE
```
While it's possible to use a username and password instead of the Application Credential — adjust your YAML accordingly — an Application Credential is strongly recommended because it limits scope and improves security over a raw username/password approach.

Create the OpenStack Credentials Secret

Create a Kubernetes Secret containing the clouds.yaml that defines your OpenStack environment, substituting real values where appropriate. Save this as openstack-cloud-config.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: openstack-cloud-config
  namespace: kcm-system
  labels:
    k0rdent.mirantis.com/component: "kcm"
stringData:
  clouds.yaml: |
    clouds:
      openstack:
        auth:
          auth_url: <OS_AUTH_URL>
          application_credential_id: <OS_APPLICATION_CREDENTIAL_ID>
          application_credential_secret: <OS_APPLICATION_CREDENTIAL_SECRET>
        region_name: <OS_REGION_NAME>
        interface: <OS_INTERFACE>
        identity_api_version: <OS_IDENTITY_API_VERSION>
        auth_type: <OS_AUTH_TYPE>

Apply the YAML to your cluster:

kubectl apply -f openstack-cloud-config.yaml

Create the k0rdent Credential Object

Next, define a Credential that references the Secret from the previous step. Save this as openstack-cluster-identity-cred.yaml:

apiVersion: k0rdent.mirantis.com/v1alpha1
kind: Credential
metadata:
  name: openstack-cluster-identity-cred
  namespace: kcm-system
  labels:
    k0rdent.mirantis.com/component: "kcm"  
spec:
  description: "OpenStack credentials"
  identityRef:
    apiVersion: v1
    kind: Secret
    name: openstack-cloud-config
    namespace: kcm-system

Apply the YAML to your cluster:

kubectl apply -f openstack-cluster-identity-cred.yaml

Note that .spec.identityRef.name must match the Secret you created in the previous step, and .spec.identityRef.namespace must be the same as the one that includes the Secret (kcm-system).

Create the ConfigMap resource-template object

Create a YAML file with the specification of the resource-template and save it as openstack-cluster-identity-resource-template.yaml:

apiVersion: v1
kind: ConfigMap
metadata:
  name: openstack-cloud-config-resource-template
  namespace: kcm-system
  labels:
    k0rdent.mirantis.com/component: "kcm"
  annotations:
    projectsveltos.io/template: "true"
data:
  configmap.yaml: |
    {{- $cluster := .InfrastructureProvider -}}
    {{- $identity := (getResource "InfrastructureProviderIdentity") -}}

    {{- $clouds := fromYaml (index $identity "data" "clouds.yaml" | b64dec) -}}
    {{- if not $clouds }}
      {{ fail "failed to decode clouds.yaml" }}
    {{ end -}}

    {{- $openstack := index $clouds "clouds" "openstack" -}}

    {{- if not (hasKey $openstack "auth") }}
      {{ fail "auth key not found in openstack config" }}
    {{- end }}
    {{- $auth := index $openstack "auth" -}}

    {{- $auth_url := index $auth "auth_url" -}}
    {{- $app_cred_id := index $auth "application_credential_id" -}}
    {{- $app_cred_name := index $auth "application_credential_name" -}}
    {{- $app_cred_secret := index $auth "application_credential_secret" -}}

    {{- $network_id := $cluster.status.externalNetwork.id -}}
    {{- $network_name := $cluster.status.externalNetwork.name -}}
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: openstack-cloud-config
      namespace: kube-system
    type: Opaque
    stringData:
      cloud.conf: |
        [Global]
        auth-url="{{ $auth_url }}"

        {{- if $app_cred_id }}
        application-credential-id="{{ $app_cred_id }}"
        {{- end }}

        {{- if $app_cred_name }}
        application-credential-name="{{ $app_cred_name }}"
        {{- end }}

        {{- if $app_cred_secret }}
        application-credential-secret="{{ $app_cred_secret }}"
        {{- end }}

        {{- if and (not $app_cred_id) (not $app_cred_secret) }}
        username="{{ index $openstack "username" }}"
        password="{{ index $openstack "password" }}"
        {{- end }}
        region="{{ index $openstack "region_name" }}"

        [LoadBalancer]
        {{- if $network_id }}
        floating-network-id="{{ $network_id }}"
        {{- end }}

        [Networking]
        {{- if $network_name }}
        public-network-name="{{ $network_name }}"
        {{- end }}

Object needs to be named openstack-cluster-identity-resource-template.yaml, OpenStackClusterIdentity object name + -resource-template string suffix.

Apply the YAML to your cluster:

kubectl apply -f openstack-cluster-identity-resource-template.yaml

Create Your First Child Cluster

To test the configuration, create a YAML file with the specification of your Managed Cluster and save it as my-openstack-cluster-deployment.yaml. Note that you can see the available templates by listing them:

kubectl get clustertemplate -n kcm-system

NAME                            VALID
adopted-cluster-0-3-0           true
aws-eks-0-3-0                   true
aws-hosted-cp-0-3-0             true
aws-standalone-cp-0-3-0         true
azure-aks-0-3-0                 true
azure-hosted-cp-0-3-0           true
azure-standalone-cp-0-3-0       true
openstack-standalone-cp-0-3-0   true
vsphere-hosted-cp-0-3-0         true
vsphere-standalone-cp-0-3-0     true

The ClusterDeployment should look something like this:

apiVersion: k0rdent.mirantis.com/v1alpha1
kind: ClusterDeployment
metadata:
  name: my-openstack-cluster-deployment
  namespace: kcm-system
spec:
  template: openstack-standalone-cp-0-3-0
  credential: openstack-cluster-identity-cred
  config:
    clusterLabels: {}
    controlPlaneNumber: 1
    workersNumber: 1
    controlPlane:
      flavor: m1.medium
      image:
        filter:
          name: ubuntu-22.04-x86_64
    worker:
      flavor: m1.medium
      image:
        filter:
          name: ubuntu-22.04-x86_64
    externalNetwork:
      filter:
        name: "public"
    authURL: ${OS_AUTH_URL}
    identityRef:
      name: "openstack-cloud-config"
      cloudName: "openstack"
      region: ${OS_REGION_NAME}

You can adjust flavor, image name, region name, and authURL to match your OpenStack environment. For more information about the configuration options, see the OpenStack Template Parameters Reference.

Apply the YAML to your management cluster:

kubectl apply -f my-openstack-cluster-deployment.yaml

This will trigger the provisioning process where k0rdent will create a bunch of OpenStack resources such as OpenStackCluster, OpenStackMachineTemplate, OpenStackMachineDeployment, etc. You can follow the provisioning process:

kubectl -n kcm-system get clusterdeployment.k0rdent.mirantis.com my-openstack-cluster-deployment --watch

After the cluster is Ready, you can access it via the kubeconfig, just like any other Kubernetes cluster:

kubectl -n kcm-system get secret my-openstack-cluster-deployment-kubeconfig -o jsonpath='{.data.value}' | base64 -d > my-openstack-cluster-deployment-kubeconfig.kubeconfig
KUBECONFIG="my-openstack-cluster-deployment-kubeconfig.kubeconfig" kubectl get pods -A

Cleanup

To clean up OpenStack resources, delete the managed cluster by deleting the ClusterDeployment:

kubectl get clusterdeployments -A

NAMESPACE    NAME                          READY   STATUS
kcm-system   my-openstack-cluster-deployment   True    ClusterDeployment is ready

kubectl delete clusterdeployments my-openstack-cluster-deployment -n kcm-system

clusterdeployment.k0rdent.mirantis.com "my-openstack-cluster-deployment" deleted