34fd3e0bfc
* add documentation for openstack provider (capo)
* add manifests for openstack provider (capo)
* add cluster templates for control plane and workers
* add site definition to use openstack provider (capo) with
control plane and workers
Change-Id: I7158aa87f2ef044d0acca448e3b1c19f58416e22
559 lines
21 KiB
YAML
559 lines
21 KiB
YAML
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.2.9
|
|
creationTimestamp: null
|
|
name: openstackclusters.infrastructure.cluster.x-k8s.io
|
|
spec:
|
|
group: infrastructure.cluster.x-k8s.io
|
|
names:
|
|
categories:
|
|
- cluster-api
|
|
kind: OpenStackCluster
|
|
listKind: OpenStackClusterList
|
|
plural: openstackclusters
|
|
singular: openstackcluster
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: Cluster to which this OpenStackCluster belongs
|
|
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
|
|
name: Cluster
|
|
type: string
|
|
- description: Cluster infrastructure is ready for OpenStack instances
|
|
jsonPath: .status.ready
|
|
name: Ready
|
|
type: string
|
|
- description: Network the cluster is using
|
|
jsonPath: .status.network.id
|
|
name: Network
|
|
type: string
|
|
- description: Subnet the cluster is using
|
|
jsonPath: .status.network.subnet.id
|
|
name: Subnet
|
|
type: string
|
|
- description: API Endpoint
|
|
jsonPath: .status.network.apiServerLoadBalancer.ip
|
|
name: Endpoint
|
|
priority: 1
|
|
type: string
|
|
name: v1alpha3
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: OpenStackCluster is the Schema for the openstackclusters API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: OpenStackClusterSpec defines the desired state of OpenStackCluster
|
|
properties:
|
|
apiServerLoadBalancerAdditionalPorts:
|
|
description: APIServerLoadBalancerAdditionalPorts adds additional
|
|
ports to the APIServerLoadBalancer
|
|
items:
|
|
type: integer
|
|
type: array
|
|
apiServerLoadBalancerFloatingIP:
|
|
description: APIServerLoadBalancerFloatingIP is the floatingIP which
|
|
will be associated to the APIServer loadbalancer. The floatingIP
|
|
will be created if it not already exists.
|
|
type: string
|
|
apiServerLoadBalancerPort:
|
|
description: APIServerLoadBalancerPort is the port on which the listener
|
|
on the APIServer loadbalancer will be created
|
|
type: integer
|
|
caKeyPair:
|
|
description: CAKeyPair is the key pair for ca certs.
|
|
properties:
|
|
cert:
|
|
description: base64 encoded cert and key
|
|
format: byte
|
|
type: string
|
|
key:
|
|
format: byte
|
|
type: string
|
|
type: object
|
|
cloudName:
|
|
description: The name of the cloud to use from the clouds secret
|
|
type: string
|
|
cloudsSecret:
|
|
description: The name of the secret containing the openstack credentials
|
|
properties:
|
|
name:
|
|
description: Name is unique within a namespace to reference a
|
|
secret resource.
|
|
type: string
|
|
namespace:
|
|
description: Namespace defines the space within which the secret
|
|
name must be unique.
|
|
type: string
|
|
type: object
|
|
controlPlaneAvailabilityZones:
|
|
description: ControlPlaneAvailabilityZones is the az to deploy control
|
|
plane to
|
|
items:
|
|
type: string
|
|
type: array
|
|
controlPlaneEndpoint:
|
|
description: ControlPlaneEndpoint represents the endpoint used to
|
|
communicate with the control plane.
|
|
properties:
|
|
host:
|
|
description: The hostname on which the API server is serving.
|
|
type: string
|
|
port:
|
|
description: The port on which the API server is serving.
|
|
format: int32
|
|
type: integer
|
|
required:
|
|
- host
|
|
- port
|
|
type: object
|
|
disablePortSecurity:
|
|
description: DisablePortSecurity disables the port security of the
|
|
network created for the Kubernetes cluster, which also disables
|
|
SecurityGroups
|
|
type: boolean
|
|
disableServerTags:
|
|
description: 'Default: True. In case of server tag errors, set to
|
|
False'
|
|
type: boolean
|
|
dnsNameservers:
|
|
description: DNSNameservers is the list of nameservers for OpenStack
|
|
Subnet being created. Set this value when you need create a new
|
|
network/subnet while the access through DNS is required.
|
|
items:
|
|
type: string
|
|
type: array
|
|
etcdCAKeyPair:
|
|
description: EtcdCAKeyPair is the key pair for etcd.
|
|
properties:
|
|
cert:
|
|
description: base64 encoded cert and key
|
|
format: byte
|
|
type: string
|
|
key:
|
|
format: byte
|
|
type: string
|
|
type: object
|
|
externalNetworkId:
|
|
description: ExternalNetworkID is the ID of an external OpenStack
|
|
Network. This is necessary to get public internet to the VMs.
|
|
type: string
|
|
externalRouterIPs:
|
|
description: ExternalRouterIPs is an array of externalIPs on the respective
|
|
subnets. This is necessary if the router needs a fixed ip in a specific
|
|
subnet.
|
|
items:
|
|
properties:
|
|
fixedIP:
|
|
description: The FixedIP in the corresponding subnet
|
|
type: string
|
|
subnet:
|
|
description: The subnet in which the FixedIP is used for the
|
|
Gateway of this router
|
|
properties:
|
|
filter:
|
|
description: Filters for optional network query
|
|
properties:
|
|
cidr:
|
|
type: string
|
|
description:
|
|
type: string
|
|
enableDhcp:
|
|
type: boolean
|
|
gateway_ip:
|
|
type: string
|
|
id:
|
|
type: string
|
|
ipVersion:
|
|
type: integer
|
|
ipv6AddressMode:
|
|
type: string
|
|
ipv6RaMode:
|
|
type: string
|
|
limit:
|
|
type: integer
|
|
marker:
|
|
type: string
|
|
name:
|
|
type: string
|
|
networkId:
|
|
type: string
|
|
notTags:
|
|
type: string
|
|
notTagsAny:
|
|
type: string
|
|
projectId:
|
|
type: string
|
|
sortDir:
|
|
type: string
|
|
sortKey:
|
|
type: string
|
|
subnetpoolId:
|
|
type: string
|
|
tags:
|
|
type: string
|
|
tagsAny:
|
|
type: string
|
|
tenantId:
|
|
type: string
|
|
type: object
|
|
uuid:
|
|
description: The UUID of the network. Required if you omit
|
|
the port attribute.
|
|
type: string
|
|
type: object
|
|
required:
|
|
- subnet
|
|
type: object
|
|
type: array
|
|
frontProxyCAKeyPair:
|
|
description: FrontProxyCAKeyPair is the key pair for FrontProxyKeyPair.
|
|
properties:
|
|
cert:
|
|
description: base64 encoded cert and key
|
|
format: byte
|
|
type: string
|
|
key:
|
|
format: byte
|
|
type: string
|
|
type: object
|
|
managedAPIServerLoadBalancer:
|
|
description: 'ManagedAPIServerLoadBalancer defines whether a LoadBalancer
|
|
for the APIServer should be created. If set to true the following
|
|
properties are mandatory: APIServerLoadBalancerFloatingIP, APIServerLoadBalancerPort'
|
|
type: boolean
|
|
managedSecurityGroups:
|
|
description: 'ManagedSecurityGroups defines that kubernetes manages
|
|
the OpenStack security groups for now, that means that we''ll create
|
|
security group allows traffic to/from machines belonging to that
|
|
group based on Calico CNI plugin default network requirements: BGP
|
|
and IP-in-IP for master node(s) and worker node(s) respectively.
|
|
In the future, we could make this more flexible.'
|
|
type: boolean
|
|
network:
|
|
description: If NodeCIDR cannot be set this can be used to detect
|
|
an existing network.
|
|
properties:
|
|
adminStateUp:
|
|
type: boolean
|
|
description:
|
|
type: string
|
|
id:
|
|
type: string
|
|
limit:
|
|
type: integer
|
|
marker:
|
|
type: string
|
|
name:
|
|
type: string
|
|
notTags:
|
|
type: string
|
|
notTagsAny:
|
|
type: string
|
|
projectId:
|
|
type: string
|
|
shared:
|
|
type: boolean
|
|
sortDir:
|
|
type: string
|
|
sortKey:
|
|
type: string
|
|
status:
|
|
type: string
|
|
tags:
|
|
type: string
|
|
tagsAny:
|
|
type: string
|
|
tenantId:
|
|
type: string
|
|
type: object
|
|
nodeCidr:
|
|
description: NodeCIDR is the OpenStack Subnet to be created. Cluster
|
|
actuator will create a network, a subnet with NodeCIDR, and a router
|
|
connected to this subnet. If you leave this empty, no network will
|
|
be created.
|
|
type: string
|
|
saKeyPair:
|
|
description: SAKeyPair is the service account key pair.
|
|
properties:
|
|
cert:
|
|
description: base64 encoded cert and key
|
|
format: byte
|
|
type: string
|
|
key:
|
|
format: byte
|
|
type: string
|
|
type: object
|
|
subnet:
|
|
description: If NodeCIDR cannot be set this can be used to detect
|
|
an existing subnet.
|
|
properties:
|
|
cidr:
|
|
type: string
|
|
description:
|
|
type: string
|
|
enableDhcp:
|
|
type: boolean
|
|
gateway_ip:
|
|
type: string
|
|
id:
|
|
type: string
|
|
ipVersion:
|
|
type: integer
|
|
ipv6AddressMode:
|
|
type: string
|
|
ipv6RaMode:
|
|
type: string
|
|
limit:
|
|
type: integer
|
|
marker:
|
|
type: string
|
|
name:
|
|
type: string
|
|
networkId:
|
|
type: string
|
|
notTags:
|
|
type: string
|
|
notTagsAny:
|
|
type: string
|
|
projectId:
|
|
type: string
|
|
sortDir:
|
|
type: string
|
|
sortKey:
|
|
type: string
|
|
subnetpoolId:
|
|
type: string
|
|
tags:
|
|
type: string
|
|
tagsAny:
|
|
type: string
|
|
tenantId:
|
|
type: string
|
|
type: object
|
|
tags:
|
|
description: Tags for all resources in cluster
|
|
items:
|
|
type: string
|
|
type: array
|
|
useOctavia:
|
|
description: UseOctavia is weather LoadBalancer Service is Octavia
|
|
or not
|
|
type: boolean
|
|
type: object
|
|
status:
|
|
description: OpenStackClusterStatus defines the observed state of OpenStackCluster
|
|
properties:
|
|
controlPlaneSecurityGroup:
|
|
description: 'ControlPlaneSecurityGroups contains all the information
|
|
about the OpenStack Security Group that needs to be applied to control
|
|
plane nodes. TODO: Maybe instead of two properties, we add a property
|
|
to the group?'
|
|
properties:
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
rules:
|
|
items:
|
|
description: SecurityGroupRule represent the basic information
|
|
of the associated OpenStack Security Group Role.
|
|
properties:
|
|
description:
|
|
type: string
|
|
direction:
|
|
type: string
|
|
etherType:
|
|
type: string
|
|
name:
|
|
type: string
|
|
portRangeMax:
|
|
type: integer
|
|
portRangeMin:
|
|
type: integer
|
|
protocol:
|
|
type: string
|
|
remoteGroupID:
|
|
type: string
|
|
remoteIPPrefix:
|
|
type: string
|
|
securityGroupID:
|
|
type: string
|
|
required:
|
|
- description
|
|
- direction
|
|
- etherType
|
|
- name
|
|
- portRangeMax
|
|
- portRangeMin
|
|
- protocol
|
|
- remoteGroupID
|
|
- remoteIPPrefix
|
|
- securityGroupID
|
|
type: object
|
|
type: array
|
|
required:
|
|
- id
|
|
- name
|
|
- rules
|
|
type: object
|
|
failureDomains:
|
|
additionalProperties:
|
|
description: FailureDomainSpec is the Schema for Cluster API failure
|
|
domains. It allows controllers to understand how many failure
|
|
domains a cluster can optionally span across.
|
|
properties:
|
|
attributes:
|
|
additionalProperties:
|
|
type: string
|
|
description: Attributes is a free form map of attributes an
|
|
infrastructure provider might use or require.
|
|
type: object
|
|
controlPlane:
|
|
description: ControlPlane determines if this failure domain
|
|
is suitable for use by control plane machines.
|
|
type: boolean
|
|
type: object
|
|
description: FailureDomains represent OpenStack availability zones
|
|
type: object
|
|
network:
|
|
description: Network contains all information about the created OpenStack
|
|
Network. It includes Subnets and Router.
|
|
properties:
|
|
apiServerLoadBalancer:
|
|
description: Be careful when using APIServerLoadBalancer, because
|
|
this field is optional and therefore not set in all cases
|
|
properties:
|
|
id:
|
|
type: string
|
|
internalIP:
|
|
type: string
|
|
ip:
|
|
type: string
|
|
name:
|
|
type: string
|
|
required:
|
|
- id
|
|
- internalIP
|
|
- ip
|
|
- name
|
|
type: object
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
router:
|
|
description: Router represents basic information about the associated
|
|
OpenStack Neutron Router
|
|
properties:
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
required:
|
|
- id
|
|
- name
|
|
type: object
|
|
subnet:
|
|
description: Subnet represents basic information about the associated
|
|
OpenStack Neutron Subnet
|
|
properties:
|
|
cidr:
|
|
type: string
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
required:
|
|
- cidr
|
|
- id
|
|
- name
|
|
type: object
|
|
required:
|
|
- id
|
|
- name
|
|
type: object
|
|
ready:
|
|
type: boolean
|
|
workerSecurityGroup:
|
|
description: WorkerSecurityGroup contains all the information about
|
|
the OpenStack Security Group that needs to be applied to worker
|
|
nodes.
|
|
properties:
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
rules:
|
|
items:
|
|
description: SecurityGroupRule represent the basic information
|
|
of the associated OpenStack Security Group Role.
|
|
properties:
|
|
description:
|
|
type: string
|
|
direction:
|
|
type: string
|
|
etherType:
|
|
type: string
|
|
name:
|
|
type: string
|
|
portRangeMax:
|
|
type: integer
|
|
portRangeMin:
|
|
type: integer
|
|
protocol:
|
|
type: string
|
|
remoteGroupID:
|
|
type: string
|
|
remoteIPPrefix:
|
|
type: string
|
|
securityGroupID:
|
|
type: string
|
|
required:
|
|
- description
|
|
- direction
|
|
- etherType
|
|
- name
|
|
- portRangeMax
|
|
- portRangeMin
|
|
- protocol
|
|
- remoteGroupID
|
|
- remoteIPPrefix
|
|
- securityGroupID
|
|
type: object
|
|
type: array
|
|
required:
|
|
- id
|
|
- name
|
|
- rules
|
|
type: object
|
|
required:
|
|
- ready
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|