Configuration
This page lists the custom configuration options available, including their default values and whether they are optional. The following example shows how these variables can be used inside the `cluster.yaml` file under `spec.topology.variables`.
Example
```yaml
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name:
  namespace:
  labels:
    managed-secret: cloud-config
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
        - 192.168.0.0/16
    serviceDomain: cluster.local
    services:
      cidrBlocks:
        - 10.96.0.0/12
  topology:
    variables: # <-- variables from the table can be set here
      - name: controller_flavor
        value: "SCS-4V-8-20"
      - name: worker_flavor
        value: "SCS-4V-8-20"
      - name: external_id
        value: "ebfe5546-f09f-4f42-ab54-094e457d42ec"
    class: openstack-alpha-1-29-v2
    controlPlane:
      replicas: 2
    version: v1.29.3
    workers:
      machineDeployments:
        - class: openstack-alpha-1-29-v2
          failureDomain: nova
          name: openstack-alpha-1-29-v2
          replicas: 4
```
Variables from the table whose name contains a `.` are set as an object: the part before the dot is the object name and the part after the dot is the name of a value inside it. The following example demonstrates this with `oidc_config`.
```yaml
---
topology:
  variables:
    - name: oidc_config
      value:
        issuer_url: "https://dex.k8s.scs.community"
        client_id: "kubectl"
```
Available variables
Name | Type | Default | Example | Description | Required |
---|---|---|---|---|---|
external_id | string | "" | "ebfe5546-f09f-4f42-ab54-094e457d42ec" | ExternalNetworkID is the ID of an external OpenStack Network. This is necessary to get public internet to the VMs. | False |
controller_flavor | string | "SCS-2V-4-20s" | "SCS-2V-4-20s" | OpenStack instance flavor for control-plane nodes. | False |
worker_flavor | string | "SCS-2V-4" | "SCS-2V-4" | OpenStack instance flavor for worker nodes. | False |
controller_root_disk | integer | | 25 | Root disk size in GiB for control-plane nodes. OpenStack volume will be created and used instead of an ephemeral disk defined in flavor. Should only be used for the diskless flavors. | False |
worker_root_disk | integer | 25 | 25 | Root disk size in GiB for worker nodes. OpenStack volume will be created and used instead of an ephemeral disk defined in flavor. Should be used for the diskless flavors. | False |
openstack_security_groups | array | [] | ['security-group-1'] | The names of the security groups to assign to the instance | False |
cloud_name | string | "openstack" | "openstack" | The name of the cloud to use from the clouds secret | False |
secret_name | string | "openstack" | "openstack" | The name of the clouds secret | False |
controller_server_group_id | string | "" | "3adf4e92-bb33-4e44-8ad3-afda9dfe8ec3" | The server group to assign the control plane nodes to. | False |
worker_server_group_id | string | "" | "869fe071-1e56-46a9-9166-47c9f228e297" | The server group to assign the worker nodes to. | False |
ssh_key | string | "" | "capi-keypair" | The ssh key to inject in the nodes. | False |
apiserver_loadbalancer | string | "octavia-amphora" | "none, octavia-amphora, octavia-ovn" | In this cluster-stack we have two kinds of loadbalancers. Each of them has its own configuration variable. This setting configures the loadbalancer that is placed in front of the apiserver. You can choose from 2 options: none: no loadbalancer solution will be deployed; octavia-amphora: (default) uses OpenStack's loadbalancer service (provider:amphora); octavia-ovn: uses OpenStack's loadbalancer service (provider:ovn). | False |
dns_nameservers | array | ['5.1.66.255', '185.150.99.255'] | ['5.1.66.255', '185.150.99.255'] | DNSNameservers is the list of nameservers for the OpenStack Subnet being created. Set this value when you need to create a new network/subnet and access through DNS is required. | False |
node_cidr | string | "10.8.0.0/20" | "10.8.0.0/20" | NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a network, a subnet with NodeCIDR, and a router connected to this subnet. If you leave this empty, no network will be created. | False |
certSANs | array | [] | ['mydomain.example'] | CertSANs sets extra Subject Alternative Names for the API Server signing cert. | False |
oidc_config.client_id | string | | kubectl | A client id that all tokens must be issued for. | |
oidc_config.issuer_url | string | | https://dex.example.com | URL of the provider that allows the API server to discover public signing keys. Only URLs that use the https:// scheme are accepted. This is typically the provider's discovery URL, changed to have an empty path. | |
oidc_config.username_claim | string | preferred_username | preferred_username | JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins. | |
oidc_config.groups_claim | string | groups | groups | JWT claim to use as the user's group. If the claim is present it must be an array of strings. | |
oidc_config.username_prefix | string | oidc: | oidc: | Prefix prepended to username claims to prevent clashes with existing names (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. If this flag isn't provided and --oidc-username-claim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of --oidc-issuer-url. The value - can be used to disable all prefixing. | |
oidc_config.groups_prefix | string | oidc: | oidc: | Prefix prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra. | |
network_mtu | integer | | 1500 | NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. | False |
controlPlaneAvailabilityZones | array | | ['nova'] | ControlPlaneAvailabilityZones is the set of availability zones which control plane machines may be deployed to. | False |
controlPlaneOmitAvailabilityZone | boolean | | True | ControlPlaneOmitAvailabilityZone causes availability zone to be omitted when creating control plane nodes, allowing the Nova scheduler to make a decision on which availability zone to use based on other scheduling constraints. | False |
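
The `oidc_config` rows decide which user and group names RBAC bindings in the cluster have to reference. The following is an added example, not code from this project or from kube-apiserver: it models the claim and prefix rules described in the table. The function name `rbac_identity`, the use of `None` for a prefix flag that is not provided, and the sample claims are assumptions made for illustration.

```python
# Added example: models the oidc_config rows of the table above. It is not
# kube-apiserver code; token signature and expiry checks are out of scope.
TABLE_DEFAULTS = {  # "Default" column of the table
    "username_claim": "preferred_username",
    "groups_claim": "groups",
    "username_prefix": "oidc:",
    "groups_prefix": "oidc:",
}

def rbac_identity(oidc_config, claims):
    """Return the (username, groups) that RBAC bindings would have to name."""
    cfg = {**TABLE_DEFAULTS, **oidc_config}
    issuer = cfg["issuer_url"]
    if not issuer.startswith("https://"):
        raise ValueError("issuer_url must use the https:// scheme")
    if claims.get("iss") != issuer:
        raise ValueError("token comes from a different issuer")
    aud = claims.get("aud", [])
    if cfg["client_id"] not in ([aud] if isinstance(aud, str) else aud):
        raise ValueError("token was not issued for client_id")

    prefix = cfg["username_prefix"]
    if prefix is None:  # assumption: None models the flag not being provided
        prefix = "" if cfg["username_claim"] == "email" else issuer + "#"
    elif prefix == "-":  # "-" disables all prefixing
        prefix = ""
    username = prefix + claims[cfg["username_claim"]]

    groups = claims.get(cfg["groups_claim"], [])
    if not (isinstance(groups, list) and all(isinstance(g, str) for g in groups)):
        raise ValueError("groups claim must be an array of strings")
    return username, [cfg["groups_prefix"] + g for g in groups]

# Constructed sample: settings from the oidc_config example and invented claims.
CONFIG = {"issuer_url": "https://dex.k8s.scs.community", "client_id": "kubectl"}
CLAIMS = {
    "iss": "https://dex.k8s.scs.community",
    "aud": "kubectl",
    "preferred_username": "jane.doe",
    "groups": ["engineering", "infra"],
}

if __name__ == "__main__":
    print(rbac_identity(CONFIG, CLAIMS))
    print(rbac_identity({**CONFIG, "username_prefix": "-"}, CLAIMS))
    print(rbac_identity({**CONFIG, "username_prefix": None}, CLAIMS))
```

With the table defaults the subject is `oidc:jane.doe`; setting `username_prefix` to `-` yields the bare `jane.doe`, so existing role bindings should be reviewed for name clashes before changing the prefix.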