diff --git a/docs/providers/openstack/configuration.md b/docs/providers/openstack/configuration.md
index 330b1dc8..00254da3 100644
--- a/docs/providers/openstack/configuration.md
+++ b/docs/providers/openstack/configuration.md
@@ -44,47 +44,41 @@ spec:
Variables from the table containing a `.` are to be used in an object with the part before the dot being the object name and the part behind the dot being the value names. The following example demonstrates this with `oidc_config`.
```yaml
-...
+---
topology:
variables:
- name: oidc_config
value:
issuer_url: "https://dex.k8s.scs.community"
client_id: "kubectl"
-...
```
## Available variables
-|Name|Type|Default|Example|Description|Required|
-|----|----|-------|-------|-----------|--------|
-|`external_id`|string|""|"ebfe5546-f09f-4f42-ab54-094e457d42ec"|ExternalNetworkID is the ID of an external OpenStack Network. This is necessary to get public internet to the VMs.|False|
-|`controller_flavor`|string|"SCS-2V-4-20s"|"SCS-2V-4-20s"|OpenStack instance flavor for control-plane nodes.|False|
-|`worker_flavor`|string|"SCS-2V-4"|"SCS-2V-4"|OpenStack instance flavor for worker nodes.|False|
-|`controller_root_disk`|integer||25|Root disk size in GiB for control-plane nodes. OpenStack volume will be created and used instead of an ephemeral disk defined in flavor. Should only be used for the diskless flavors.|False|
-|`worker_root_disk`|integer|25|25|Root disk size in GiB for worker nodes. OpenStack volume will be created and used instead of an ephemeral disk defined in flavor. Should be used for the diskless flavors.|False|
-|`yawol_flavor_id`|string|""|"0a79590e-10d7-4c2c-8f69-ca0a2c6208d2"|ID of the existing flavor used as a default yawol flavor.|False|
-|`yawol_image_id`|string|""|"f0b2ef46-f0ff-43d2-9c08-f58a5a6e9060"|ID of the existing imaged used as a default yawol image.|False|
-|`kube_vip_network_id`|string|""|"40a51f6c-9e4b-4b24-9187-49851a410c97"|ID of the existing network. The network should have one subnet with one port reserved as virtual IP.|False|
-|`kube_vip_apiserver_virtual_ip`|string|""|"10.0.0.197"|Virtual IP address reserved in kube_vip_network_id.|False|
-|`kube_vip_apiserver_public_ip`|string|""|""|Public IP address associated with kube_vip_apiserver_virtual_ip. It is needed only when the management cluster is on a different network as a workload cluster.|False|
-|`openstack_security_groups`|array|[]|['security-group-1']|The names of the security groups to assign to the instance|False|
-|`cloud_name`|string|"openstack"|"openstack"|The name of the cloud to use from the clouds secret|False|
-|`secret_name`|string|"openstack"|"openstack"|The name of the clouds secret|False|
-|`controller_server_group_id`|string|""|"3adf4e92-bb33-4e44-8ad3-afda9dfe8ec3"|The server group to assign the control plane nodes to.|False|
-|`worker_server_group_id`|string|""|"869fe071-1e56-46a9-9166-47c9f228e297"|The server group to assign the worker nodes to.|False|
-|`ssh_key`|string|""|"capi-keypair"|The ssh key to inject in the nodes.|False|
-|`apiserver_loadbalancer`|string|"octavia-amphora"|"none, octavia-amphora, octavia-ovn, kube-vip"|"In this cluster-stack we have two kind of loadbalancers. Each of them has its own configuration variable. This setting here is to configure the loadbalancer that is placed in front of the apiserver.
To configure the loadbalancer for the workloads, see variable workload_loadbalancer.
You can choose from 4 options:
none:
No loadbalancer solution will be deployed
octavia-amphora:
(default) Uses openstack's loadbalancer service (provider:amphora)
octavia-ovn:
Uses openstack's loadbalancer service (provider:ovn)
kube-vip:
Uses kube-vip as loadbalancer.
You have to provide the following additional variables:
kube_vip_network_id
kube_vip_apiserver_virtual_ip
kube_vip_apiserver_public_ip
Requires Kubernetes version < 1.29
Also the settings node_cidr and dns_nameservers will no longer have an effect.
|False|
-|`workload_loadbalancer`|string|"octavia-amphora"|"none, octavia-amphora, octavia-ovn, yawol"|"This setting here is to configure the loadbalancer solution for your services inside your cluster.
If you want to configure the loadbalancer in front of your apiserver, see variable apiserver_loadbalancer instead.
You can choose from 4 options:
none:
No loadbalancer solution will be deployed
octavia-amphora:
(default) Uses openstack's loadbalancer service (provider:amphora)
octavia-ovn:
Uses openstack's loadbalancer service (provider:ovn)
yawol:
Uses yawol as loadbalancer.
You have to provide the following additional variables:
yawol_flavor_id
yawol_image_id
Also note this setting does not work with application credentials (only username/password)"
|False|
-|`dns_nameservers`|array|['5.1.66.255', '185.150.99.255']|['5.1.66.255', '185.150.99.255']|"DNSNameservers is the list of nameservers for the OpenStack Subnet being created. Set this value when you need to create a new network/subnet while the access through DNS is required.
This setting has no effect when apiserver_loadbalancer is set to kube-vip.
However you can set the dns server when creating the subnet for kube-vip."
|False|
-|`node_cidr`|string|"10.8.0.0/20"|"10.8.0.0/20"|"NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a network, a subnet with NodeCIDR, and a router connected to this subnet. If you leave this empty, no network will be created.
This setting has no effect when apiserver_loadbalancer is set to kube-vip.
However you can set the node_cidr when creating the subnet for kube-vip."
|False|
-|`certSANs`|array|[]|['mydomain.example']|CertSANs sets extra Subject Alternative Names for the API Server signing cert.|False|
-|`oidc_config.client_id`|string||kubectl|A client id that all tokens must be issued for.||
-|`oidc_config.issuer_url`|string||https://dex.k8s.scs.community|URL of the provider that allows the API server to dis cover public signing keys. Only URLs that use the https:// scheme are acc epted. This is typically the provider's discovery URL, changed to have an emp ty path||
-|`oidc_config.username_claim`|string|preferred_username|preferred_username|JWT claim to use as the user name. By default sub, whi ch is expected to be a unique identifier of the end user. Admins can choose oth er claims, such as email or name, depending on their provider. However, cla ims other than email will be prefixed with the issuer URL to prevent naming cla shes with other plugins.||
-|`oidc_config.groups_claim`|string|groups|groups|JWT claim to use as the user's group. If the claim is present it must be an array of strings.||
-|`oidc_config.username_prefix`|string|oidc:|oidc:|Prefix prepended to username claims to prevent cla shes with existing names (such as system: users). For example, the value oid c: will create usernames like oidc:jane.doe. If this flag isn't provided and --o idc-username-claim is a value other than email the prefix defaults to ( Iss uer URL )# where ( Issuer URL ) is the value of --oidc-issuer-url. The value - c an be used to disable all prefixing.||
-|`oidc_config.groups_prefix`|string|oidc:|oidc:|Prefix prepended to group claims to prevent clashes wit h existing names (such as system: groups). For example, the value oidc: will cre ate group names like oidc:engineering and oidc:infra.||
-|`network_mtu`|integer||1500|NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.|False|
-|`controlPlaneAvailabilityZones`|array||['nova']|ControlPlaneAvailabilityZones is the set of availability zones which control plane machines may be deployed to.|False|
-|`controlPlaneOmitAvailabilityZone`|boolean||True|ControlPlaneOmitAvailabilityZone causes availability zone to be omitted when creating control plane nodes, allowing the Nova scheduler to make a decision on which availability zone to use based on other scheduling constraints.|False|
\ No newline at end of file
+| Name | Type | Default | Example | Description | Required |
+| ---------------------------------- | ------- | -------------------------------- | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
+| `external_id` | string | "" | "ebfe5546-f09f-4f42-ab54-094e457d42ec" | ExternalNetworkID is the ID of an external OpenStack Network. This is necessary to get public internet to the VMs. | False |
+| `controller_flavor` | string | "SCS-2V-4-20s" | "SCS-2V-4-20s" | OpenStack instance flavor for control-plane nodes. | False |
+| `worker_flavor` | string | "SCS-2V-4" | "SCS-2V-4" | OpenStack instance flavor for worker nodes. | False |
+| `controller_root_disk` | integer | | 25 | Root disk size in GiB for control-plane nodes. OpenStack volume will be created and used instead of an ephemeral disk defined in flavor. Should only be used for the diskless flavors. | False |
+| `worker_root_disk` | integer | 25 | 25 | Root disk size in GiB for worker nodes. OpenStack volume will be created and used instead of an ephemeral disk defined in flavor. Should be used for the diskless flavors. | False |
+| `openstack_security_groups` | array | [] | ['security-group-1'] | The names of the security groups to assign to the instance | False |
+| `cloud_name` | string | "openstack" | "openstack" | The name of the cloud to use from the clouds secret | False |
+| `secret_name` | string | "openstack" | "openstack" | The name of the clouds secret | False |
+| `controller_server_group_id` | string | "" | "3adf4e92-bb33-4e44-8ad3-afda9dfe8ec3" | The server group to assign the control plane nodes to. | False |
+| `worker_server_group_id` | string | "" | "869fe071-1e56-46a9-9166-47c9f228e297" | The server group to assign the worker nodes to. | False |
+| `ssh_key` | string | "" | "capi-keypair" | The ssh key to inject in the nodes. | False |
+| `apiserver_loadbalancer` | string | "octavia-amphora" | "none, octavia-amphora, octavia-ovn" | "In this cluster-stack we have two kind of loadbalancers. Each of them has its own configuration variable. This setting here is to configure the loadbalancer that is placed in front of the apiserver.
To configure the loadbalancer for the workloads, see variable workload_loadbalancer.
You can choose from 4 options:
none:
No loadbalancer solution will be deployed
octavia-amphora:
(default) Uses openstack's loadbalancer service (provider:amphora)
octavia-ovn:
Uses openstack's loadbalancer service (provider:ovn)
| False |
+| `workload_loadbalancer` | string | "octavia-amphora" | "none, octavia-amphora, octavia-ovn" | "This setting here is to configure the loadbalancer solution for your services inside your cluster.
If you want to configure the loadbalancer in front of your apiserver, see variable apiserver_loadbalancer instead.
You can choose from 4 options:
none:
No loadbalancer solution will be deployed
octavia-amphora:
(default) Uses openstack's loadbalancer service (provider:amphora)
octavia-ovn:
Uses openstack's loadbalancer service (provider:ovn)
> | False |
+| `dns_nameservers` | array | ['5.1.66.255', '185.150.99.255'] | ['5.1.66.255', '185.150.99.255'] | "DNSNameservers is the list of nameservers for the OpenStack Subnet being created. Set this value when you need to create a new network/subnet while the access through DNS is required.
| False |
+| `node_cidr` | string | "10.8.0.0/20" | "10.8.0.0/20" | "NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a network, a subnet with NodeCIDR, and a router connected to this subnet. If you leave this empty, no network will be created.
| False |
+| `certSANs` | array | [] | ['mydomain.example'] | CertSANs sets extra Subject Alternative Names for the API Server signing cert. | False |
+| `oidc_config.client_id` | string | | kubectl | A client id that all tokens must be issued for. | |
+| `oidc_config.issuer_url` | string | | | URL of the provider that allows the API server to dis cover public signing keys. Only URLs that use the https:// scheme are acc epted. This is typically the provider's discovery URL, changed to have an emp ty path | |
+| `oidc_config.username_claim` | string | preferred_username | preferred_username | JWT claim to use as the user name. By default sub, whi ch is expected to be a unique identifier of the end user. Admins can choose oth er claims, such as email or name, depending on their provider. However, cla ims other than email will be prefixed with the issuer URL to prevent naming cla shes with other plugins. | |
+| `oidc_config.groups_claim` | string | groups | groups | JWT claim to use as the user's group. If the claim is present it must be an array of strings. | |
+| `oidc_config.username_prefix` | string | oidc: | oidc: | Prefix prepended to username claims to prevent cla shes with existing names (such as system: users). For example, the value oid c: will create usernames like oidc:jane.doe. If this flag isn't provided and --o idc-username-claim is a value other than email the prefix defaults to ( Iss uer URL )# where ( Issuer URL ) is the value of --oidc-issuer-url. The value - c an be used to disable all prefixing. | |
+| `oidc_config.groups_prefix` | string | oidc: | oidc: | Prefix prepended to group claims to prevent clashes wit h existing names (such as system: groups). For example, the value oidc: will cre ate group names like oidc:engineering and oidc:infra. | |
+| `network_mtu` | integer | | 1500 | NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. | False |
+| `controlPlaneAvailabilityZones` | array | | ['nova'] | ControlPlaneAvailabilityZones is the set of availability zones which control plane machines may be deployed to. | False |
+| `controlPlaneOmitAvailabilityZone` | boolean | | True | ControlPlaneOmitAvailabilityZone causes availability zone to be omitted when creating control plane nodes, allowing the Nova scheduler to make a decision on which availability zone to use based on other scheduling constraints. | False |
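Review bot: The rewritten `apiserver_loadbalancer` and `workload_loadbalancer` rows still read "You can choose from 4 options:" although only three remain (none, octavia-amphora, octavia-ovn). Change the count here and in the matching descriptions in cluster-class.yaml. The `workload_loadbalancer` row also ends with a stray `>` before `| False |`, and the `dns_nameservers` and `node_cidr` descriptions open a double quote that is never closed. The `oidc_config.issuer_url` example cell is now empty while the YAML sample above the table still uses https://dex.k8s.scs.community. Restore the example or say why it was dropped.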
diff --git a/providers/openstack/scs/cluster-addon-values.yaml b/providers/openstack/scs/cluster-addon-values.yaml
index 90bde834..d0e64aac 100644
--- a/providers/openstack/scs/cluster-addon-values.yaml
+++ b/providers/openstack/scs/cluster-addon-values.yaml
@@ -1,34 +1,8 @@
values: |
- {{- define "yawol_image_id" -}}
- {{- range .Cluster.spec.topology.variables -}}
- {{- if eq .name "yawol_image_id" -}}
- {{ .value }}
- {{- end -}}
- {{- end -}}
- {{- end }}
- {{- define "yawol_flavor_id" -}}
- {{- range .Cluster.spec.topology.variables -}}
- {{- if eq .name "yawol_flavor_id" -}}
- {{ .value }}
- {{- end -}}
- {{- end -}}
- {{- end }}
metrics-server:
commonLabels:
domain: "{{ .Cluster.spec.controlPlaneEndpoint.host }}"
clusterAddonVersion: "v2"
- {{ range .Cluster.spec.topology.variables }}
- {{- if and (eq .name "workload_loadbalancer") (eq .value "yawol") }}
- yawol-controller:
- enabled: true
- yawolFloatingID: "{{ $.InfraCluster.status.externalNetwork.id }}"
- yawolNetworkID: "{{ $.InfraCluster.status.network.id }}"
- yawolAPIHost: "{{ printf "https://%s:%d" $.Cluster.spec.controlPlaneEndpoint.host $.Cluster.spec.controlPlaneEndpoint.port }}"
- yawolFlavorID: {{ template "yawol_flavor_id" $}}
- yawolImageID: {{ template "yawol_image_id" $}}
- {{- end }}
- {{- end }}
-
openstack-cloud-controller-manager:
cluster:
name: {{ .Cluster.metadata.name }}
@@ -36,7 +10,7 @@ values: |
loadBalancer:
{{- range .Cluster.spec.topology.variables }}
{{- if eq .name "workload_loadbalancer" }}
- {{- if or (eq .value "none") (eq .value "yawol") }}
+ {{- if eq .value "none" }}
enabled: false
{{ else if eq .value "octavia-amphora" }}
enabled: true
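Review bot: With `(eq .value "yawol")` dropped from the `workload_loadbalancer` condition, a Cluster that still sets `workload_loadbalancer: yawol` no longer renders `enabled: false` and falls through to whatever `else` branches follow. The variable schema touched in cluster-class.yaml shows only `type: string` with a default and an example, so the old value is not obviously rejected. Consider adding `enum: ["none", "octavia-amphora", "octavia-ovn"]` to the variable schema, or a final `else` here that fails rendering with a clear message, so a stale value cannot silently produce an unintended load balancer configuration.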
diff --git a/providers/openstack/scs/cluster-addon/Chart.lock b/providers/openstack/scs/cluster-addon/Chart.lock
index 528521d7..075e9f3b 100644
--- a/providers/openstack/scs/cluster-addon/Chart.lock
+++ b/providers/openstack/scs/cluster-addon/Chart.lock
@@ -1,18 +1,15 @@
dependencies:
- name: metrics-server
repository: https://kubernetes-sigs.github.io/metrics-server/
- version: 3.12.0
+ version: 3.12.2
- name: cilium
repository: https://helm.cilium.io/
- version: 1.16.3
+ version: 1.17.1
- name: openstack-cloud-controller-manager
repository: https://kubernetes.github.io/cloud-provider-openstack
- version: 2.28.4
+ version: 2.30.4
- name: openstack-cinder-csi
repository: https://kubernetes.github.io/cloud-provider-openstack
- version: 2.28.2
-- name: yawol-controller
- repository: https://stackitcloud.github.io/yawol
- version: 0.21.3
-digest: sha256:022d98ff75f315c6467c2b71156dcf30c25f2437f14c3452ac14c1cd68523b17
-generated: "2024-10-20T10:37:24.476007912+02:00"
+ version: 2.30.2
+digest: sha256:0079134a81e34fe1a890745a8438b9e89f382f56a233623519c5d7264d85f645
+generated: "2025-03-07T23:35:34.770335187+01:00"
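Review bot: The lock moves `metrics-server` from 3.12.0 to 3.12.2, but the Chart.yaml hunk in this patch starts below the metrics-server entry and does not change it. Please confirm Chart.yaml pins metrics-server to an exact version rather than a range, so that the vendored `metrics-server-3.12.2.tgz` is reproducible from Chart.yaml alone. The removed lock entry for yawol-controller (0.21.3) also differed from the removed Chart.yaml entry (0.25.0), which suggests the lock had drifted before. Regenerating it as part of the release process would catch that.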
diff --git a/providers/openstack/scs/cluster-addon/Chart.yaml b/providers/openstack/scs/cluster-addon/Chart.yaml
index 7f8fa63b..ee5b155a 100644
--- a/providers/openstack/scs/cluster-addon/Chart.yaml
+++ b/providers/openstack/scs/cluster-addon/Chart.yaml
@@ -7,20 +7,15 @@ dependencies:
- alias: cilium
name: cilium
repository: https://helm.cilium.io/
- version: 1.16.3
+ version: 1.17.1
- alias: openstack-cloud-controller-manager
name: openstack-cloud-controller-manager
repository: https://kubernetes.github.io/cloud-provider-openstack
- version: 2.28.4
+ version: 2.30.4
- alias: openstack-cinder-csi
name: openstack-cinder-csi
repository: https://kubernetes.github.io/cloud-provider-openstack
- version: 2.28.2
- - alias: yawol-controller
- condition: yawol-controller.enabled
- name: yawol-controller
- repository: https://stackitcloud.github.io/yawol
- version: 0.25.0
-name: openstack-scs-1-29-cluster-addon
+ version: 2.30.2
+name: openstack-scs-1-30-cluster-addon
type: application
version: v1
diff --git a/providers/openstack/scs/cluster-addon/charts/cilium-1.16.3.tgz b/providers/openstack/scs/cluster-addon/charts/cilium-1.16.3.tgz
deleted file mode 100644
index eaca333a..00000000
Binary files a/providers/openstack/scs/cluster-addon/charts/cilium-1.16.3.tgz and /dev/null differ
diff --git a/providers/openstack/scs/cluster-addon/charts/cilium-1.17.1.tgz b/providers/openstack/scs/cluster-addon/charts/cilium-1.17.1.tgz
new file mode 100644
index 00000000..d95b80cb
Binary files /dev/null and b/providers/openstack/scs/cluster-addon/charts/cilium-1.17.1.tgz differ
diff --git a/providers/openstack/scs/cluster-addon/charts/metrics-server-3.12.0.tgz b/providers/openstack/scs/cluster-addon/charts/metrics-server-3.12.0.tgz
deleted file mode 100644
index 22f9f8dc..00000000
Binary files a/providers/openstack/scs/cluster-addon/charts/metrics-server-3.12.0.tgz and /dev/null differ
diff --git a/providers/openstack/scs/cluster-addon/charts/metrics-server-3.12.2.tgz b/providers/openstack/scs/cluster-addon/charts/metrics-server-3.12.2.tgz
new file mode 100644
index 00000000..4538e8a1
Binary files /dev/null and b/providers/openstack/scs/cluster-addon/charts/metrics-server-3.12.2.tgz differ
diff --git a/providers/openstack/scs/cluster-addon/charts/openstack-cinder-csi-2.28.2.tgz b/providers/openstack/scs/cluster-addon/charts/openstack-cinder-csi-2.28.2.tgz
deleted file mode 100644
index 6d9d8a5a..00000000
Binary files a/providers/openstack/scs/cluster-addon/charts/openstack-cinder-csi-2.28.2.tgz and /dev/null differ
diff --git a/providers/openstack/scs/cluster-addon/charts/openstack-cinder-csi-2.30.2.tgz b/providers/openstack/scs/cluster-addon/charts/openstack-cinder-csi-2.30.2.tgz
new file mode 100644
index 00000000..58fccdc4
Binary files /dev/null and b/providers/openstack/scs/cluster-addon/charts/openstack-cinder-csi-2.30.2.tgz differ
diff --git a/providers/openstack/scs/cluster-addon/charts/openstack-cloud-controller-manager-2.28.4.tgz b/providers/openstack/scs/cluster-addon/charts/openstack-cloud-controller-manager-2.28.4.tgz
deleted file mode 100644
index 96f4e388..00000000
Binary files a/providers/openstack/scs/cluster-addon/charts/openstack-cloud-controller-manager-2.28.4.tgz and /dev/null differ
diff --git a/providers/openstack/scs/cluster-addon/charts/openstack-cloud-controller-manager-2.30.4.tgz b/providers/openstack/scs/cluster-addon/charts/openstack-cloud-controller-manager-2.30.4.tgz
new file mode 100644
index 00000000..5ff56089
Binary files /dev/null and b/providers/openstack/scs/cluster-addon/charts/openstack-cloud-controller-manager-2.30.4.tgz differ
diff --git a/providers/openstack/scs/cluster-addon/charts/yawol-controller-0.21.3.tgz b/providers/openstack/scs/cluster-addon/charts/yawol-controller-0.21.3.tgz
deleted file mode 100644
index 68c0c18a..00000000
Binary files a/providers/openstack/scs/cluster-addon/charts/yawol-controller-0.21.3.tgz and /dev/null differ
diff --git a/providers/openstack/scs/cluster-addon/values.yaml b/providers/openstack/scs/cluster-addon/values.yaml
index 836bca29..5e13b07f 100644
--- a/providers/openstack/scs/cluster-addon/values.yaml
+++ b/providers/openstack/scs/cluster-addon/values.yaml
@@ -1,22 +1,5 @@
metrics-server:
fullnameOverride: metrics-server
- replicas: 1
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxSurge: 0
- maxUnavailable: 1
-
- service:
- labels:
- kubernetes.io/cluster-service: "true"
- kubernetes.io/name: "Metrics-server"
-
- defaultArgs:
- - --cert-dir=/tmp
- - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- - --kubelet-use-node-status-port
- - --metric-resolution=15s
args:
- --kubelet-insecure-tls
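Review bot: The cleanup of the metrics-server overrides keeps `--kubelet-insecure-tls` under `args`, so metrics-server still skips verification of the kubelet serving certificates. If this is intentional for the 1-30 stack, add a comment next to the flag explaining why. Otherwise this is a good moment to move to CA-signed kubelet serving certificates and drop it. Also confirm that the chart defaults in 3.12.2 cover the removed `defaultArgs` (`--cert-dir`, `--kubelet-preferred-address-types`, `--kubelet-use-node-status-port`, `--metric-resolution`), since the patch now relies on them.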
@@ -28,11 +11,11 @@ openstack-cloud-controller-manager:
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- - key: node.cloudprovider.kubernetes.io/uninitialized
- value: "true"
- effect: NoSchedule
- - key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
openstack-cinder-csi:
secret:
enabled: true
@@ -41,17 +24,20 @@ openstack-cinder-csi:
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- - key: node.cloudprovider.kubernetes.io/uninitialized
- value: "true"
- effect: NoSchedule
- - key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ value: "true"
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
storageClass:
delete:
isDefault: true
-yawol-controller:
- yawolOSSecretName: cloud-config
- enabled: false
cilium:
+ tls:
+ secretsNamespace:
+ name: kube-system
+ sessionAffinity: true
+ sctp:
+ enabled: true
ipam:
mode: "kubernetes"
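Review bot: The added cilium keys (`tls.secretsNamespace.name: kube-system`, `sessionAffinity: true`, `sctp.enabled: true`) carry no comment, and nothing else in the patch refers to them. Please state why each one is needed. Enabling SCTP in particular widens the set of protocols the datapath handles and should be a deliberate choice, not a side effect of the 1.16.3 to 1.17.1 chart bump. A one-line comment per key, or splitting these into their own commit, would make the intent reviewable.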
diff --git a/providers/openstack/scs/cluster-class/Chart.yaml b/providers/openstack/scs/cluster-class/Chart.yaml
index bcd2929c..901b5d93 100644
--- a/providers/openstack/scs/cluster-class/Chart.yaml
+++ b/providers/openstack/scs/cluster-class/Chart.yaml
@@ -1,9 +1,9 @@
apiVersion: v2
-description: "This chart installs and configures:
+description: 'This chart installs and configures:
* Openstack scs Cluster Class
- "
-name: openstack-scs-1-29-cluster-class
+ '
+name: openstack-scs-1-30-cluster-class
type: application
version: v1
diff --git a/providers/openstack/scs/cluster-class/templates/cluster-class.yaml b/providers/openstack/scs/cluster-class/templates/cluster-class.yaml
index 342a4c63..219c3765 100644
--- a/providers/openstack/scs/cluster-class/templates/cluster-class.yaml
+++ b/providers/openstack/scs/cluster-class/templates/cluster-class.yaml
@@ -74,45 +74,6 @@ spec:
default: 25
example: 25
description: "Root disk size in GiB for worker nodes. OpenStack volume will be created and used instead of an ephemeral disk defined in flavor. Should be used for the diskless flavors."
- - name: yawol_flavor_id
- required: false
- schema:
- openAPIV3Schema:
- type: string
- format: "uuid4"
- example: "0a79590e-10d7-4c2c-8f69-ca0a2c6208d2"
- description: "ID of the existing flavor used as a default yawol flavor."
- - name: yawol_image_id
- required: false
- schema:
- openAPIV3Schema:
- type: string
- format: "uuid4"
- example: "f0b2ef46-f0ff-43d2-9c08-f58a5a6e9060"
- description: "ID of the existing imaged used as a default yawol image."
- - name: kube_vip_network_id
- required: false
- schema:
- openAPIV3Schema:
- type: string
- format: "uuid4"
- example: "40a51f6c-9e4b-4b24-9187-49851a410c97"
- description: "ID of the existing network. The network should have one subnet with one port reserved as virtual IP."
- - name: kube_vip_apiserver_virtual_ip
- required: false
- schema:
- openAPIV3Schema:
- type: string
- format: "ipv4"
- example: "10.0.0.197"
- description: "Virtual IP address reserved in kube_vip_network_id."
- - name: kube_vip_apiserver_public_ip
- required: false
- schema:
- openAPIV3Schema:
- type: string
- format: "ipv4"
- description: "Public IP address associated with kube_vip_apiserver_virtual_ip. It is needed only when the management cluster is on a different network as a workload cluster."
- name: openstack_security_groups
required: false
schema:
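Review bot: Removing the `yawol_flavor_id`, `yawol_image_id`, `kube_vip_network_id`, `kube_vip_apiserver_virtual_ip` and `kube_vip_apiserver_public_ip` variable definitions has no accompanying migration note. Clusters moving from the 1-29 stack that still set any of them will reference variables this ClusterClass no longer defines. Add an upgrade section to docs/providers/openstack/configuration.md that lists the removed variables and the replacement values for `apiserver_loadbalancer` and `workload_loadbalancer`.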
@@ -169,7 +130,7 @@ spec:
openAPIV3Schema:
type: string
default: "octavia-amphora"
- example: "none, octavia-amphora, octavia-ovn, kube-vip"
+ example: "none, octavia-amphora, octavia-ovn"
description: |
"In this cluster-stack we have two kind of loadbalancers. Each of them has its own configuration variable. This setting here is to configure the loadbalancer that is placed in front of the apiserver.
To configure the loadbalancer for the workloads, see variable workload_loadbalancer.
@@ -183,16 +144,6 @@ spec:
octavia-ovn:
Uses openstack's loadbalancer service (provider:ovn)
-
- kube-vip:
- Uses kube-vip as loadbalancer.
- You have to provide the following additional variables:
- kube_vip_network_id
- kube_vip_apiserver_virtual_ip
- kube_vip_apiserver_public_ip
-
- Requires Kubernetes version < 1.29
- Also the settings node_cidr and dns_nameservers will no longer have an effect.
- name: workload_loadbalancer
required: false
@@ -200,7 +151,7 @@ spec:
openAPIV3Schema:
type: string
default: "octavia-amphora"
- example: "none, octavia-amphora, octavia-ovn, yawol"
+ example: "none, octavia-amphora, octavia-ovn"
description: |
"This setting here is to configure the loadbalancer solution for your services inside your cluster.
If you want to configure the loadbalancer in front of your apiserver, see variable apiserver_loadbalancer instead.
@@ -215,22 +166,15 @@ spec:
octavia-ovn:
Uses openstack's loadbalancer service (provider:ovn)
- yawol:
- Uses yawol as loadbalancer.
- You have to provide the following additional variables:
- yawol_flavor_id
- yawol_image_id
-
- Also note this setting does not work with application credentials (only username/password)"
- name: dns_nameservers
required: false
schema:
openAPIV3Schema:
type: array
description: |
- "DNSNameservers is the list of nameservers for the OpenStack Subnet being created. Set this value when you need to create a new network/subnet while the access through DNS is required.
- This setting has no effect when apiserver_loadbalancer is set to kube-vip.
- However you can set the dns server when creating the subnet for kube-vip."
+ "DNSNameservers is the list of nameservers for the OpenStack Subnet
+ being created. Set this value when you need to create a new network/subnet
+ while the access through DNS is required."
default: ["5.1.66.255", "185.150.99.255"]
example: ["5.1.66.255", "185.150.99.255"]
items:
@@ -244,9 +188,9 @@ spec:
default: "10.8.0.0/20"
example: "10.8.0.0/20"
description: |
- "NodeCIDR is the OpenStack Subnet to be created. Cluster actuator will create a network, a subnet with NodeCIDR, and a router connected to this subnet. If you leave this empty, no network will be created.
- This setting has no effect when apiserver_loadbalancer is set to kube-vip.
- However you can set the node_cidr when creating the subnet for kube-vip."
+ "NodeCIDR is the OpenStack Subnet to be created. Cluster actuator
+ will create a network, a subnet with NodeCIDR, and a router
+ connected to this subnet. If you leave this empty, no network will be created."
- name: certSANs
required: false
schema:
@@ -378,138 +322,6 @@ cre ate group names like oidc:engineering and oidc:infra."
- op: add
path: "/spec/template/spec/apiServerLoadBalancer/provider"
value: "ovn"
- - name: apiserver_loadbalancer_kube-vip
- description: "Takes care of the patches that should be applied when variable apiserver_loadbalancer is set to kube-vip."
- enabledIf: {{ `'{{ eq .apiserver_loadbalancer "kube-vip" }}'` }}
- definitions:
- - selector:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
- kind: OpenStackClusterTemplate
- matchResources:
- infrastructureCluster: true
- jsonPatches:
- - op: add
- path: "/spec/template/spec/network"
- valueFrom:
- template: |
- id: {{"{{"}} .kube_vip_network_id {{"}}"}}
- - op: add
- path: "/spec/template/spec/disableAPIServerFloatingIP"
- value: true
- - op: add
- path: "/spec/template/spec/apiServerFixedIP"
- valueFrom:
- template: {{ `"{{ if .kube_vip_apiserver_public_ip }}{{.kube_vip_apiserver_public_ip}}{{else}}{{.kube_vip_apiserver_virtual_ip}}{{end}}"` }}
- - selector:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
- kind: OpenStackMachineTemplate
- matchResources:
- controlPlane: true
- jsonPatches:
- - op: add
- path: "/spec/template/spec/ports"
- valueFrom:
- template: |
- - network:
- id: {{"{{"}} .kube_vip_network_id {{"}}"}}
- allowedAddressPairs:
- - ipAddress: {{"{{"}} .kube_vip_apiserver_virtual_ip {{"}}"}}
- - selector:
- apiVersion: controlplane.cluster.x-k8s.io/v1beta1
- kind: KubeadmControlPlaneTemplate
- matchResources:
- controlPlane: true
- jsonPatches:
- - op: add
- path: "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands"
- valueFrom:
- template: |
- - modprobe --all ip_vs ip_vs_rr nf_conntrack
- - op: add
- path: "/spec/template/spec/kubeadmConfigSpec/files"
- valueFrom:
- template: |
- - content: |
- ip_vs
- ip_vs_rr
- nf_conntrack
- owner: "root:root"
- path: /etc/modules-load.d/kube-vip.conf
- permissions: "0644"
- - op: add
- path: "/spec/template/spec/kubeadmConfigSpec/files/-"
- valueFrom:
- template: |
- content: |
- # docker run --network host --rm ghcr.io/kube-vip/kube-vip:v0.7.2 manifest pod --address '{{"{{"}} .kube_vip_apiserver_virtual_ip {{"}}"}}' --controlplane --arp --leaderElection --enableLoadBalancer
- apiVersion: v1
- kind: Pod
- metadata:
- creationTimestamp: null
- name: kube-vip
- namespace: kube-system
- spec:
- containers:
- - args:
- - manager
- env:
- - name: vip_arp
- value: "true"
- - name: port
- value: "6443"
- - name: vip_cidr
- value: "32"
- - name: dns_mode
- value: first
- - name: cp_enable
- value: "true"
- - name: cp_namespace
- value: kube-system
- - name: vip_leaderelection
- value: "true"
- - name: vip_leasename
- value: plndr-cp-lock
- - name: vip_leaseduration
- value: "5"
- - name: vip_renewdeadline
- value: "3"
- - name: vip_retryperiod
- value: "1"
- - name: lb_enable
- value: "true"
- - name: lb_port
- value: "6443"
- - name: lb_fwdmethod
- value: local
- - name: address
- value: '{{"{{"}} .kube_vip_apiserver_virtual_ip {{"}}"}}'
- - name: prometheus_server
- value: :2112
- image: ghcr.io/kube-vip/kube-vip:v0.7.2
- imagePullPolicy: IfNotPresent # Always
- name: kube-vip
- resources: {}
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- - NET_RAW
- volumeMounts:
- - mountPath: /etc/kubernetes/admin.conf
- name: kubeconfig
- hostAliases:
- - hostnames:
- - kubernetes
- ip: 127.0.0.1
- hostNetwork: true
- volumes:
- - hostPath:
- path: /etc/kubernetes/admin.conf
- name: kubeconfig
- status: {}
- owner: "root:root"
- path: /etc/kubernetes/manifests/kube-vip.yaml
- permissions: "0644"
- name: controller_flavor
description: "Sets the openstack instance flavor for the KubeadmControlPlane."
enabledIf: {{ `'{{ ne .controller_flavor "" }}'` }}
@@ -804,7 +616,7 @@ cre ate group names like oidc:engineering and oidc:infra."
variable: oidc_config.groups_prefix
- name: subnet
description: "Sets the NodeCIDR for the OpenStack Subnet to be created. Cluster actuator will create a network, a subnet with NodeCIDR, and a router connected to this subnet."
- enabledIf: {{ `"{{ if and .node_cidr (ne .apiserver_loadbalancer \"kube-vip\")}}true{{end}}"` }}
+ enabledIf: {{ `"{{ if .node_cidr }}true{{end}}"` }}
definitions:
- selector:
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
diff --git a/providers/openstack/scs/cluster-class/values.yaml b/providers/openstack/scs/cluster-class/values.yaml
index 32c4dc6d..779f0fce 100644
--- a/providers/openstack/scs/cluster-class/values.yaml
+++ b/providers/openstack/scs/cluster-class/values.yaml
@@ -2,16 +2,14 @@
controller_flavor: SCS-2V-4-20s
worker_flavor: SCS-2V-4-20
restrict_kubeapi: []
-
# newly introduced:
openstack_loadbalancer_apiserver: false
-
# TBD, currently needed:
images:
controlPlane:
- name: ubuntu-capi-image-v1.29.9
+ name: ubuntu-capi-image-v1.30.9
worker:
- name: ubuntu-capi-image-v1.29.9
+ name: ubuntu-capi-image-v1.30.9
identityRef:
name: openstack
cloudName: openstack
diff --git a/providers/openstack/scs/csctl.yaml b/providers/openstack/scs/csctl.yaml
index ac4594ae..0d022ef2 100644
--- a/providers/openstack/scs/csctl.yaml
+++ b/providers/openstack/scs/csctl.yaml
@@ -1,7 +1,7 @@
apiVersion: csctl.clusterstack.x-k8s.io/v1alpha1
config:
clusterStackName: scs
- kubernetesVersion: v1.29.9
+ kubernetesVersion: v1.30.9
provider:
apiVersion: openstack.csctl.clusterstack.x-k8s.io/v1alpha1
config:
diff --git a/providers/openstack/scs/node-images/config.yaml b/providers/openstack/scs/node-images/config.yaml
index 92dc1fa8..8c33ea11 100644
--- a/providers/openstack/scs/node-images/config.yaml
+++ b/providers/openstack/scs/node-images/config.yaml
@@ -3,6 +3,6 @@ openStackNodeImages:
- createOpts:
container_format: bare
disk_format: qcow2
- name: ubuntu-capi-image-v1.29.9
+ name: ubuntu-capi-image-v1.30.9
visibility: private
- url: https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/openstack-k8s-capi-images/ubuntu-2204-kube-v1.29/ubuntu-2204-kube-v1.29.9.qcow2
+ url: https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/openstack-k8s-capi-images/ubuntu-2204-kube-v1.30/ubuntu-2204-kube-v1.30.9.qcow2
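Review bot: The new `url` points at a different qcow2 object, and the visible entry (`container_format`, `disk_format`, `name`, `visibility`, `url`) contains nothing that pins the image content. Since this image becomes the root filesystem of every control-plane and worker node, record the expected SHA-256 of `ubuntu-2204-kube-v1.30.9.qcow2` next to the URL, or in the release notes if the config format has no field for it, so the download can be verified before upload to Glance.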
diff --git a/providers/openstack/scs/versions.yaml b/providers/openstack/scs/versions.yaml
index 34aec57d..788b9325 100644
--- a/providers/openstack/scs/versions.yaml
+++ b/providers/openstack/scs/versions.yaml
@@ -1,9 +1,9 @@
-- kubernetes: 1.29.10
- cinder_csi: 2.29.2
- occm: 2.29.3
-- kubernetes: 1.30.6
- cinder_csi: 2.30.0
- occm: 2.30.3
-- kubernetes: 1.31.2
- cinder_csi: 2.31.2
- occm: 2.31.1
+- kubernetes: 1.30.9
+ cinder_csi: 2.30.3
+ occm: 2.30.5
+- kubernetes: 1.31.6
+ cinder_csi: 2.31.7
+ occm: 2.31.3
+- kubernetes: 1.32.1
+ cinder_csi: 2.32.0
+ occm: 2.32.0
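Review bot: The `kubernetes: 1.30.9` entry lists `cinder_csi: 2.30.3` and `occm: 2.30.5`, while Chart.yaml and Chart.lock in this same patch pin openstack-cinder-csi 2.30.2 and openstack-cloud-controller-manager 2.30.4. If versions.yaml tracks something other than the Helm chart version, say so in a comment at the top of the file. Otherwise align the two so the stack ships the versions it declares. Dropping the 1.29 entry matches the rename to the 1-30 stack and looks fine.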