Add additional network configuration options to external Openstack CCM (

#6083) (#6085) * Add additional network configuration options to external Openstack CCM (#6083) * Change the default version of external openstack cloud controller image to v1.18.1 since there was an issue in v1.18.0 where some IPs of the private network were ignored * Change Network section in external-openstack-cloud-config.j2 to Networking * Add networking customization information in the openstack documentation
kubernetes-sigs · May 18, 2020 · b5aaaf8 · b5aaaf8
1 parent d948839
commit b5aaaf8
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 1 deletion.
diff --git a/docs/openstack.md b/docs/openstack.md
@@ -95,6 +95,16 @@ The new cloud provider is configured to have Octavia by default in Kubespray.
  - ExpandCSIVolumes=true
  ```
 
+- If you are in a case of a multi-nic OpenStack VMs (see [kubernetes/cloud-provider-openstack#407](https:/kubernetes/cloud-provider-openstack/issues/407) and [#6083](https:/kubernetes-sigs/kubespray/issues/6083) for explanation), you should override the default OpenStack networking configuration:
+
+ ```yaml
+ external_openstack_network_ipv6_disabled: false
+ external_openstack_network_internal_networks:
+ - ""
+ external_openstack_network_public_networks:
+ - ""
+ ```
+
 - Run the `upgrade-cluster.yml` playbook
 - Run the cleanup playbook located under extra_playbooks `extra_playbooks/migrate_openstack_provider.yml` (this will clean up all resources used by the old cloud provider)
 - You can remove the feature gates for Volume migration. If you want to enable the possibility to expand CSI volumes you could leave the `ExpandCSIVolumes=true` feature gate
diff --git a/inventory/sample/group_vars/all/openstack.yml b/inventory/sample/group_vars/all/openstack.yml
@@ -28,6 +28,11 @@
 # external_openstack_lbaas_monitor_max_retries: "3"
 # external_openstack_lbaas_manage_security_groups: false
 # external_openstack_lbaas_internal_lb: false
+# external_openstack_network_ipv6_disabled: false
+# external_openstack_network_internal_networks:
+# - ""
+# external_openstack_network_public_networks:
+# - ""
 
 ## The tag of the external OpenStack Cloud Controller image
 # external_openstack_cloud_controller_image_tag: "latest"

diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/defaults/main.yml
@@ -12,4 +12,4 @@ external_openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
 external_openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"
 external_openstack_cacert: "{{ lookup('env','OS_CACERT') }}"
 
-external_openstack_cloud_controller_image_tag: "v1.18.0"
+external_openstack_cloud_controller_image_tag: "v1.18.1"
diff --git a/...tes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config.j2 b/...tes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config.j2
@@ -48,3 +48,12 @@ internal-lb={{ external_openstack_lbaas_internal_lb }}
 {% if external_openstack_lbaas_use_octavia is defined and external_openstack_lbaas_use_octavia %}
 lb-provider=octavia
 {% endif %}
+
+[Networking]
+ipv6-support-disabled={{ external_openstack_network_ipv6_disabled | string | lower }}
+{% for network_name in external_openstack_network_internal_networks %}
+internal-network-name="{{ network_name }}"
+{% endfor %}
+{% for network_name in external_openstack_network_public_networks %}
+public-network-name="{{ network_name }}"
+{% endfor %}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
@@ -351,6 +351,11 @@ external_openstack_lbaas_create_monitor: false
 external_openstack_lbaas_monitor_delay: "1m"
 external_openstack_lbaas_monitor_timeout: "30s"
 external_openstack_lbaas_monitor_max_retries: "3"
+external_openstack_network_ipv6_disabled: false
+external_openstack_network_internal_networks:
+ - ""
+external_openstack_network_public_networks:
+ - ""
 
 ## List of authorization modes that must be configured for
 ## the k8s cluster. Only 'AlwaysAllow', 'AlwaysDeny', 'Node' and