Instruction for manual setup CPI with OpenStack

In-tree cloud provider integration

On Master and Worker nodes:

1. Generate /etc/kubernetes/cloud-config file

2. Add to /etc/sysconfig/kubelet

KUBELET_EXTRA_ARGS="--cloud-provider=openstack --cloud-config=/etc/kubernetes/cloud-config"

On Master nodes:

1. Add /etc/kubernetes/manifests/kube-apiserver.yaml and /etc/kubernetes/manifests/kube-controller-manager.yaml

    - --cloud-provider=openstack
    - --cloud-config=/etc/kubernetes/cloud-config

    - mountPath: /etc/kubernetes/cloud-config
      name: cloud-config
      readOnly: true

  - hostPath:
      path: /etc/kubernetes/cloud-config
      type: FileOrCreate
    name: cloud-config

On Master and Worker nodes:

1. Restart kubelet service

systemctl restart kubelet

Out-tree cloud provider integration

On Master and Worker nodes:

1. Add to /etc/sysconfig/kubelet

KUBELET_EXTRA_ARGS="--cloud-provider=external"

2. Restart kubelet service

systemctl restart kubelet

On Master node:

1. Update and copy cloud-config to /etc/kubernetes/cloud-config

2. Add "- --cloud-provider=external" to configuration to:

/etc/kubernetes/manifests/kube-apiserver.yaml
/etc/kubernetes/manifests/kube-controller-manager.yaml

3. Restart kubelet service

systemctl restart kubelet

4. Copy manifests folder on Master node:

5. Create cloud-config secret

export CLOUD_CONFIG=/etc/kubernetes/cloud-config
kubectl create secret -n kube-system generic cloud-config --from-literal=cloud.conf="$(cat $CLOUD_CONFIG)" --dry-run -o yaml > manifests/cloud-config-secret.yaml
kubectl apply -f manifests/cloud-config-secret.yaml

6. Create cloud-controller-manager ServiceAccount

kubectl apply -f manifests/cpi-service-account.yaml

7. Create RBAC for cloud-controller-manager

kubectl apply -f manifests/rbac/cloud-controller-manager-roles.yaml
kubectl apply -f manifests/rbac/cloud-controller-manager-role-bindings.yaml

8. Deploy cloud-controller-manager pod

kubectl apply -f manifests/cloud-controller-manager.yaml

9. Check logs of cloud-controller-manager

kubectl logs -n kube-system cloud-controller-manager

10. Deploy demo examples

Cinder CSI

To setup cinder with the out-tree provider it is easiest to use the manifests files that are provided as part of the upstream repository of the cloud-provider-openstack.

1. Clone the repository or download a zip-file, extract it and cd into the root-folder of the project.

2. Adjust the manifest files for the cinder-csi-plugin for the nodecontroller and the nodeplugin:

   • manifests/cinder-csi-plugin/cinder-csi-controllerplugin.yaml

   • manifests/cinder-csi-plugin/cinder-csi-nodeplugin.yaml

   Add the /etc/ssl/certs/SUSE_Trust_Root.pem certificate to the cinder-csi-plugin plugin container in both files:

       - name: cinder-csi-plugin
         # -- OMITTED --
         volumeMounts:
           # -- OMITTED --
           - name: suse-ca
             mountPath: /etc/ssl/certs/SUSE_Trust_Root.pem
             readOnly: true
     volumes:
       # -- OMITTED --
       - name: kubelet-dir
         hostPath:
           path: /var/lib/kubelet
           type: Directory

3. Remove the secret configuration file from the manifests (the secret has already been created):

rm manifests/cinder-csi-plugin/csi-secret-cinderplugin.yam

4. Apply the manifests/cinder-csi-plugin/ folder:

kubectl -f manifests/cinder-csi-plugin apply

5. Deploy the example nginx application that is using a PersistentVolumeClaim:

kubectl -f examples/cinder-csi-plugin/nginx.yaml create

6. Verify the PVC is bound:

kubectl get pvc
NAME                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS          AGE
csi-pvc-cinderplugin   Bound    pvc-39e361a7-4bbe-4252-ba73-fb7ab01cea02   1Gi        RWO            csi-sc-cinderplugin   4s