Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 9. OpenStack Cloud Controller Manager reference guide
9.1. The OpenStack Cloud Controller Manager
In OpenShift Container Platform 4.12, clusters that run on Red Hat OpenStack Platform (RHOSP) are switched from the legacy OpenStack cloud provider to the external OpenStack Cloud Controller Manager (CCM). This change follows the move in Kubernetes from in-tree, legacy cloud providers to external cloud providers that are implemented by using the Cloud Controller Manager.
To preserve user-defined configurations for the legacy cloud provider, existing configurations are mapped to new ones as part of the migration process. It searches for a configuration called
cloud-provider-configopenshift-configThe config map name
cloud-provider-configspec.cloudConfig.nameinfrastructure/clusterFound configurations are synchronized to the
cloud-confopenshift-cloud-controller-managerAs part of this synchronization, the OpenStack CCM Operator alters the new config map such that its properties are compatible with the external cloud provider. The file is changed in the following ways:
-
The ,
[Global] secret-name, and[Global] secret-namespaceoptions are removed. They do not apply to the external cloud provider.[Global] kubeconfig-path -
The ,
[Global] use-clouds, and[Global] clouds-fileoptions are added.[Global] cloud -
The entire section is removed. External cloud providers no longer perform storage operations. Block storage configuration is managed by the Cinder CSI driver.
[BlockStorage]
Additionally, the CCM Operator enforces a number of default options. Values for these options are always overriden as follows:
[Global]
use-clouds = true
clouds-file = /etc/openstack/secret/clouds.yaml
cloud = openstack
...
[LoadBalancer]
use-octavia = true
enabled = true - 1
- If the network is configured to use Kuryr, this value is
false.
The
clouds-value/etc/openstack/secret/clouds.yamlopenstack-cloud-credentialsopenshift-cloud-controller-managerclouds.yaml9.2. The OpenStack Cloud Controller Manager (CCM) config map
An OpenStack CCM config map defines how your cluster interacts with your RHOSP cloud. By default, this configuration is stored under the
cloud.confcloud-confopenshift-cloud-controller-managerThe
cloud-confcloud-provider-configopenshift-configTo change the settings that are described by the
cloud-confcloud-provider-configAs part of this synchronization, the CCM Operator overrides some options. For more information, see "The RHOSP Cloud Controller Manager".
For example:
An example cloud-conf config map
apiVersion: v1
data:
cloud.conf: |
[Global]
secret-name = openstack-credentials
secret-namespace = kube-system
region = regionOne
[LoadBalancer]
use-octavia = True
kind: ConfigMap
metadata:
creationTimestamp: "2022-12-20T17:01:08Z"
name: cloud-conf
namespace: openshift-cloud-controller-manager
resourceVersion: "2519"
uid: cbbeedaf-41ed-41c2-9f37-4885732d3677- 1
- Set global options by using a
clouds.yamlfile rather than modifying the config map.
The following options are present in the config map. Except when indicated otherwise, they are mandatory for clusters that run on RHOSP.
9.2.1. Load balancer options
CCM supports several load balancer options for deployments that use Octavia.
Neutron-LBaaS support is deprecated.
| Option | Description |
|---|---|
|
| Whether or not to enable the |
|
| Optional. The external network used to create floating IP addresses for load balancer virtual IP addresses (VIPs). If there are multiple external networks in the cloud, this option must be set or the user must specify |
|
| Optional. The external network subnet used to create floating IP addresses for the load balancer VIP. Can be overridden by the service annotation |
|
| Optional. A name pattern (glob or regular expression if starting with |
|
| Optional. Tags for the external network subnet used to create floating IP addresses for the load balancer VIP. Can be overridden by the service annotation If the RHOSP network is configured with sharing disabled, for example, with the |
|
| The load balancing algorithm used to create the load balancer pool. For the Amphora provider the value can be For the OVN provider, only the For the Amphora provider, if using the |
|
| Optional. Used to specify the provider of the load balancer, for example, |
|
| Optional. The load balancer API version. Only |
|
| The ID of the Networking service subnet on which load balancer VIPs are created. |
|
| The ID of the Networking service network on which load balancer VIPs are created. Unnecessary if |
|
| Whether or not to create a health monitor for the service load balancer. A health monitor is required for services that declare This option is unsupported if you use RHOSP earlier than version 17 with the |
|
| The interval in seconds by which probes are sent to members of the load balancer. The default value is |
|
| The number of successful checks that are required to change the operating status of a load balancer member to |
|
| The time in seconds that a monitor waits to connect to the back end before it times out. The default value is |
|
| Whether or not to create an internal load balancer without floating IP addresses. The default value is |
|
| This is a config section that comprises a set of options:
The behavior of these options is the same as that of the identically named options in the load balancer section of the CCM config file. You can set the |
|
| The maximum number of services that can share a load balancer. The default value is |
9.2.2. Options that the Operator overrides
The CCM Operator overrides the following options, which you might recognize from configuring RHOSP. Do not configure them yourself. They are included in this document for informational purposes only.
| Option | Description |
|---|---|
|
| The RHOSP Identity service URL. For example, |
|
| The type of endpoint to use from the service catalog. |
|
| The Identity service user name. |
|
| The Identity service user password. |
|
| The Identity service user domain ID. |
|
| The Identity service user domain name. |
|
| The Identity service project ID. Leave this option unset if you are using Identity service application credentials. In version 3 of the Identity API, which changed the identifier |
|
| The Identity service project name. |
|
| The Identity service project domain ID. |
|
| The Identity service project domain name. |
|
| The Identity service user domain ID. |
|
| The Identity service user domain name. |
|
| Whether or not to fetch authorization credentials from a CCM searches for the file in the following places:
|
|
| The file path of a |
|
| The named cloud in the |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}