Merge pull request #65 from wkonitzer/openstack-only

Additions to add OpenStack support

README.md

@@ -16,6 +16,7 @@ All demos in here provide their own complete ClusterTemplates and ServiceTemplat
    1. [Infrastructure setup](#infra-setup)
       1. [AWS setup](#aws-setup)
       1. [Azure setup](#azure-setup)
+      1. [OpenStack setup](#openstack-setup)
 1. [Demo 1: Standalone Cluster Deployment](#demo-1-standalone-cluster-deployment)
 1. [Demo 2: Single Standalone Cluster Upgrade](#demo-2-single-standalone-cluster-upgrade)
 1. [Demo 3: Install ServiceTemplate into single cluster](#demo-3-install-servicetemplate-into-single-cluster)
@@ -123,6 +124,7 @@ As next you need to decide into which infrastructure you would like to install t
 
 - AWS
 - Azure
+- OpenStack
 
 #### AWS Setup
 
@@ -190,6 +192,33 @@ This assumes that you already have configured the required [Azure providers](htt
     azure-cluster-identity-cred   true    Azure credentials
     ```
 
+#### OpenStack Setup
+
+> Expected completion time ~2 min
+
+This assumes that you already have configured an Application Credential in OpenStack, the flavor "m1.medium" exists, and an image called "ubuntu-22.04" is present.
+
+1. Export Application Credential as environment variables:
+    ```shell
+    export OS_APPLICATION_CREDENTIAL_ID="OpenStack application credential key"
+    export OS_APPLICATION_CREDENTIAL_SECRET="OpenStack application credential secret"
+    export OS_AUTH_URL="OpenStack auth url"
+    ````
+2. Install Credentials into k0rdent:
+    ```shell
+    make apply-openstack-creds
+    ```
+
+3. Check that credentials are ready to use
+    ```shell
+    make get-creds-openstack
+    ```
+    The output should be similar to:
+    ```
+    NAME                              READY   DESCRIPTION
+    openstack-cluster-identity-cred   true    OpenStack credentials
+    ```
+
 ### Demo Cluster Setup
 
 **Skip this step if you just want to run demos for your own**
@@ -331,6 +360,8 @@ In the real world this would most probably be done by a Platform Team Lead that
 
 > Expected completion time ~10 min
 
+> Disclaimer: The current upgrade process updates the control plane nodes automatically during the upgrade. However, worker nodes are not updated in place. Instead, new worker nodes need to be created, and the old ones deleted to complete the upgrade. This behavior is expected and follows standard Kubernetes cluster upgrade practices. There is ongoing work to explore ways to improve this process, but any changes would need to balance convenience with maintaining compatibility with CAPI practices.
+
 This demo shows how to upgrade an existing cluster through the cluster template system. This expects [Demo 1](#demo-1-standalone-cluster-deployment) to be completed or the `aws-test1` cluster already created during the [Demo Setup](#demo-cluster-setup).
 
 This demo will upgrade the k8s cluster from `v1.31.2+k0s.0` (which is part of the `demo-aws-standalone-cp-0.0.1` template) to `v1.31.3+k0s.0` (which is part of `demo-aws-standalone-cp-0.0.2`)
@@ -541,7 +572,7 @@ Be aware though that the cluster creation takes around 10-15mins, so depending o
 
 4. You can also check the deployment status for all clusters in the `MultiClusterService` object:
     ```shell
-    make get-yaml-milticlasterservice-global-kyverno
+    make get-yaml-multiclusterservice-global-kyverno
     ```
 
     In the output you can find information about clusters where the service is deployed (username suffix will be present only if you specified the `USERNAME` variable at the [`General Setup`](#general-setup) step):
@@ -652,6 +683,8 @@ Be aware though that the cluster creation takes around 10-15mins, so depending o
 
 > Expected completion time ~10-15 min
 
+> Note: Currently not working correctly for OpenStack due to CAPO internal implementation out side of k0rdent.
+
 1. Create Cluster in blue namespace (this will be ran as platform engineer)
     ```shell
     make apply-cluster-deployment-aws-dev1-0.0.1

clusterDeployments/openstack/0.0.1-ingress.yaml

@@ -0,0 +1,36 @@
+apiVersion: k0rdent.mirantis.com/v1alpha1
+kind: ClusterDeployment
+metadata:
+  name: ${NAMESPACE}-openstack-${CLUSTERNAME}${UNIQUE_SUFFIX}
+  namespace: ${NAMESPACE}
+spec:
+  template: demo-openstack-standalone-cp-0.0.1
+  credential: openstack-cluster-identity-cred
+  config:
+    clusterLabels:
+      k0rdent: demo    
+    controlPlaneNumber: 1
+    workersNumber: 2
+    controlplane:
+      flavor: m1.medium
+      image:
+        filter:
+          name: ubuntu-22.04
+    worker:
+      flavor: m1.medium
+      image:
+        filter:
+          name: ubuntu-22.04
+    externalNetwork:
+      filter:
+        name: public
+    authURL: ${OS_AUTH_URL}
+    identityRef:
+      name: openstack-cloud-config
+      cloudName: openstack
+      region: RegionOne
+  serviceSpec:
+    services:
+      - template: demo-ingress-nginx-4.11.0
+        name: ingress-nginx
+        namespace: ingress-nginx      

clusterDeployments/openstack/0.0.1.yaml

@@ -0,0 +1,31 @@
+apiVersion: k0rdent.mirantis.com/v1alpha1
+kind: ClusterDeployment
+metadata:
+  name: ${NAMESPACE}-openstack-${CLUSTERNAME}${UNIQUE_SUFFIX}
+  namespace: ${NAMESPACE}
+spec:
+  template: demo-openstack-standalone-cp-0.0.1
+  credential: openstack-cluster-identity-cred
+  config:
+    clusterLabels:
+      k0rdent: demo    
+    controlPlaneNumber: 1
+    workersNumber: 2
+    controlplane:
+      flavor: m1.medium
+      image:
+        filter:
+          name: ubuntu-22.04
+    worker:
+      flavor: m1.medium
+      image:
+        filter:
+          name: ubuntu-22.04
+    externalNetwork:
+      filter:
+        name: public
+    authURL: ${OS_AUTH_URL}
+    identityRef:
+      name: openstack-cloud-config
+      cloudName: openstack
+      region: RegionOne

clusterDeployments/openstack/0.0.2-ingress.yaml

@@ -0,0 +1,38 @@
+apiVersion: k0rdent.mirantis.com/v1alpha1
+kind: ClusterDeployment
+metadata:
+  name: ${NAMESPACE}-openstack-${CLUSTERNAME}${UNIQUE_SUFFIX}
+  namespace: ${NAMESPACE}
+spec:
+  template: demo-openstack-standalone-cp-0.0.2
+  credential: openstack-cluster-identity-cred
+  config:
+    clusterLabels:
+      k0rdent: demo    
+    clusterLabels:
+      k0rdent: demo    
+    controlPlaneNumber: 1
+    workersNumber: 2
+    controlplane:
+      flavor: m1.medium
+      image:
+        filter:
+          name: ubuntu-22.04
+    worker:
+      flavor: m1.medium
+      image:
+        filter:
+          name: ubuntu-22.04
+    externalNetwork:
+      filter:
+        name: public
+    authURL: ${OS_AUTH_URL}
+    identityRef:
+      name: openstack-cloud-config
+      cloudName: openstack
+      region: RegionOne
+  serviceSpec:
+    services:
+      - template: demo-ingress-nginx-4.11.0
+        name: ingress-nginx
+        namespace: ingress-nginx

clusterDeployments/openstack/0.0.2.yaml

@@ -0,0 +1,31 @@
+apiVersion: k0rdent.mirantis.com/v1alpha1
+kind: ClusterDeployment
+metadata:
+  name: ${NAMESPACE}-openstack-${CLUSTERNAME}${UNIQUE_SUFFIX}
+  namespace: ${NAMESPACE}
+spec:
+  template: demo-openstack-standalone-cp-0.0.2
+  credential: openstack-cluster-identity-cred
+  config:
+    clusterLabels:
+      k0rdent: demo    
+    controlPlaneNumber: 1
+    workersNumber: 2
+    controlplane:
+      flavor: m1.medium
+      image:
+        filter:
+          name: ubuntu-22.04
+    worker:
+      flavor: m1.medium
+      image:
+        filter:
+          name: ubuntu-22.04
+    externalNetwork:
+      filter:
+        name: public
+    authURL: ${OS_AUTH_URL}
+    identityRef:
+      name: openstack-cloud-config
+      cloudName: openstack
+      region: RegionOne

setup/openstack-credentials.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openstack-cloud-config
+  namespace: k0rdent
+type: Opaque
+stringData:
+  clouds.yaml: |
+    clouds:
+      openstack:
+        auth:
+          auth_url: ${OS_AUTH_URL}
+          application_credential_id: ${OS_APPLICATION_CREDENTIAL_ID}
+          application_credential_secret: ${OS_APPLICATION_CREDENTIAL_SECRET}
+        region_name: RegionOne
+        interface: public
+        identity_api_version: 3
+        auth_type: v3applicationcredential
+---
+apiVersion: k0rdent.mirantis.com/v1alpha1
+kind: Credential
+metadata:
+  name: openstack-cluster-identity-cred
+  namespace: ${TESTING_NAMESPACE}
+spec:
+  description: OpenStack credentials
+  identityRef:
+    apiVersion: v1
+    kind: Secret
+    name: openstack-cloud-config
+    namespace: ${TESTING_NAMESPACE}

templates/cluster/demo-openstack-standalone-cp-0.0.1.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: k0rdent.mirantis.com/v1alpha1
+kind: ClusterTemplate
+metadata:
+  name: demo-openstack-standalone-cp-0.0.1
+  namespace: ${NAMESPACE}
+spec:
+  helm:
+    chartSpec:
+      chart: demo-openstack-standalone-cp
+      version: 0.0.1
+      interval: 10m0s
+      sourceRef:
+        kind: HelmRepository
+        name: k0rdent-demos
+---
+apiVersion: k0rdent.mirantis.com/v1alpha1
+kind: ClusterTemplateChain
+metadata:
+  name: demo-openstack-standalone-cp-0.0.1
+  namespace: ${NAMESPACE}
+spec:
+  supportedTemplates:
+    - name: demo-openstack-standalone-cp-0.0.1

templates/cluster/demo-openstack-standalone-cp-0.0.1/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: demo-openstack-standalone-cp
+description: |
+  A KCM template to deploy a k0s cluster on OpenStack with bootstrapped control plane nodes.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.31.1+k0s.1"
+annotations:
+  cluster.x-k8s.io/provider: infrastructure-openstack, control-plane-k0smotron, bootstrap-k0smotron
+  cluster.x-k8s.io/bootstrap-k0smotron: v1beta1
+  cluster.x-k8s.io/control-plane-k0smotron: v1beta1
+  cluster.x-k8s.io/infrastructure-openstack: v1beta1

templates/cluster/demo-openstack-standalone-cp-0.0.1/templates/_helpers.tpl

@@ -0,0 +1,23 @@
+{{- define "cluster.name" -}}
+    {{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "openstackmachinetemplate.controlplane.name" -}}
+    {{- include "cluster.name" . }}-cp-mt
+{{- end }}
+
+{{- define "openstackmachinetemplate.worker.name" -}}
+    {{- include "cluster.name" . }}-worker-mt
+{{- end }}
+
+{{- define "k0scontrolplane.name" -}}
+    {{- include "cluster.name" . }}-cp
+{{- end }}
+
+{{- define "k0sworkerconfigtemplate.name" -}}
+    {{- include "cluster.name" . }}-machine-config
+{{- end }}
+
+{{- define "machinedeployment.name" -}}
+    {{- include "cluster.name" . }}-md
+{{- end }}

templates/cluster/demo-openstack-standalone-cp-0.0.1/templates/cluster.yaml

@@ -0,0 +1,20 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: {{ include "cluster.name" . }}
+  {{- if .Values.clusterLabels }}
+  labels: {{- toYaml .Values.clusterLabels | nindent 4}}
+  {{- end }}  
+spec:
+  {{- with .Values.clusterNetwork }}
+  clusterNetwork:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+    kind: K0sControlPlane
+    name: {{ include "k0scontrolplane.name" .  }}
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: OpenStackCluster
+    name: {{ include "cluster.name" . }}