The cloud provider configuration, typically stored as a file named cloud.conf, controls how OpenShift Container Platform interacts with Red Hat OpenStack Platform (RHOSP).
You can create a valid cloud.conf file by specifying the following options in it.
Global options
The following options are used for RHOSP CCM authentication with the RHOSP Identity service, also known as Keystone. They are similar to the global options that you can set by using the openstack CLI.
| Option | Description |
|---|---|
| auth-url | The RHOSP Identity service URL. For example, http://128.110.154.166/identity. |
| ca-file | Optional. The CA certificate bundle file for communication with the RHOSP Identity service. If you use the HTTPS protocol with the Identity service URL, this option is required. |
| domain-id | The Identity service user domain ID. Leave this option unset if you are using Identity service application credentials. |
| domain-name | The Identity service user domain name. This option is not required if you set domain-id. |
| tenant-id | The Identity service project ID. Leave this option unset if you are using Identity service application credentials. In version 3 of the Identity API, which changed the identifier tenant to project, the value of tenant-id is automatically mapped to the project construct in the API. |
| tenant-name | The Identity service project name. |
| username | The Identity service user name. Leave this option unset if you are using Identity service application credentials. |
| password | The Identity service user password. Leave this option unset if you are using Identity service application credentials. |
| region | The Identity service region name. |
| trust-id | The Identity service trust ID. A trust represents the authorization of a user, or trustor, to delegate roles to another user, or trustee. Optionally, a trust authorizes the trustee to impersonate the trustor. You can find available trusts by querying the /v3/OS-TRUST/trusts endpoint of the Identity service API. |
Load balancer options
The cloud provider supports several load balancer options for deployments that use Octavia.
| Option | Description |
|---|---|
| use-octavia | Whether or not to use Octavia for the LoadBalancer type of the service implementation rather than Neutron-LBaaS. The default value is true. |
| floating-network-id | Optional. The external network used to create floating IP addresses for load balancer virtual IP addresses (VIPs). If there are multiple external networks in the cloud, this option must be set or the user must specify loadbalancer.openstack.org/floating-network-id in the service annotation. |
| lb-method | The load balancing algorithm used to create the load balancer pool. For the Amphora provider the value can be ROUND_ROBIN, LEAST_CONNECTIONS, or SOURCE_IP. The default value is ROUND_ROBIN. For the OVN provider, only the SOURCE_IP_PORT algorithm is supported. For the Amphora provider, if using the LEAST_CONNECTIONS or SOURCE_IP methods, configure the create-monitor option as true in the cloud-provider-config config map in the openshift-config namespace and ETP:Local on the load-balancer type service to allow balancing algorithm enforcement in the client to service endpoint connections. |
| lb-provider | Optional. Used to specify the provider of the load balancer, for example, amphora or octavia. Only the Amphora and Octavia providers are supported. |
| lb-version | Optional. The load balancer API version. Only "v2" is supported. |
| subnet-id | The ID of the Networking service subnet on which load balancer VIPs are created. |
| create-monitor | Whether or not to create a health monitor for the service load balancer. A health monitor is required for services that declare externalTrafficPolicy: Local. The default value is false. This option is unsupported if you use RHOSP earlier than version 17 with the ovn provider. |
| monitor-delay | The interval in seconds by which probes are sent to members of the load balancer. The default value is 5. |
| monitor-max-retries | The number of successful checks that are required to change the operating status of a load balancer member to ONLINE. The valid range is 1 to 10, and the default value is 1. |
| monitor-timeout | The time in seconds that a monitor waits to connect to the back end before it times out. The default value is 3. |
| Option | Description |
|---|---|
| search-order | This configuration key affects the way that the provider retrieves metadata that relates to the instances in which it runs. The default value of configDrive,metadataservice results in the provider retrieving instance metadata from the configuration drive first if available, and then the metadata service. Alternative values are configDrive (only retrieve instance metadata from the configuration drive), metadataservice (only retrieve instance metadata from the metadata service), and metadataservice,configDrive (retrieve instance metadata from the metadata service first if available, and then retrieve instance metadata from the configuration drive). |
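The constraints stated in the option descriptions above can be checked before a cloud.conf is rolled out. The following Python linter is an added example, not part of the original documentation or of the cloud provider's code. It assumes that cloud.conf uses INI sections named [Global], [LoadBalancer], and [Metadata], that the caller passes a hypothetical app_credentials flag, and that an unset lb-provider means amphora.

```python
import configparser
from urllib.parse import urlparse
AMPHORA_METHODS = {"ROUND_ROBIN", "LEAST_CONNECTIONS", "SOURCE_IP"}
SEARCH_ORDERS = {"configDrive", "metadataservice",
                 "configDrive,metadataservice", "metadataservice,configDrive"}
USER_KEYS = ("domain-id", "tenant-id", "username", "password")

def lint_cloud_conf(text, app_credentials=False):
    """Return findings for cloud.conf text, checked against the option tables."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    def val(section, key, default=""):
        # Section names are an assumption (INI layout); values may be quoted.
        return cp.get(section, key, fallback=default).strip().strip('"')
    out = []
    scheme = urlparse(val("Global", "auth-url")).scheme
    if scheme != "https":
        out.append("auth-url is missing or not HTTPS: credentials unprotected in transit")
    elif not val("Global", "ca-file"):
        out.append("ca-file is required when auth-url uses HTTPS")
    if app_credentials:
        out += [f"{k} must be unset with application credentials"
                for k in USER_KEYS if val("Global", k)]
    # Assumption: an unset lb-provider is treated as amphora.
    provider = val("LoadBalancer", "lb-provider", "amphora").lower()
    method = val("LoadBalancer", "lb-method", "ROUND_ROBIN")
    monitor = val("LoadBalancer", "create-monitor", "false").lower() == "true"
    if provider == "ovn" and method != "SOURCE_IP_PORT":
        out.append("ovn provider supports only lb-method SOURCE_IP_PORT")
    elif provider == "amphora" and method not in AMPHORA_METHODS:
        out.append(f"lb-method {method} is not valid for amphora")
    elif provider == "amphora" and method != "ROUND_ROBIN" and not monitor:
        out.append(f"lb-method {method} needs create-monitor = true")
    retries = val("LoadBalancer", "monitor-max-retries", "1")
    if not (retries.isdigit() and 1 <= int(retries) <= 10):
        out.append("monitor-max-retries must be between 1 and 10")
    if val("Metadata", "search-order", "configDrive,metadataservice") not in SEARCH_ORDERS:
        out.append("search-order is not one of the documented values")
    return out

# Constructed sample input, not taken from a real deployment.
SAMPLE = """[Global]
auth-url = https://keystone.example.test:5000/v3
username = ccm
[LoadBalancer]
lb-method = SOURCE_IP
monitor-max-retries = 12
[Metadata]
search-order = configdrive
"""
```

Calling `lint_cloud_conf(SAMPLE, app_credentials=True)` returns one finding per violated rule; an empty list means that none of the documented constraints is broken.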