Version 1.16. This version is no longer supported. For information about how to upgrade to version 1.28, seeUpgrade clustersin the latest documentation. For more information about supported and unsupported versions, see theVersioningpage in the latest documentation.
This guide explains how to configure theOpenStack Cloud Provider for Kubernetesin your Google Distributed Cloud cluster. The OpenStack Cloud Provider must be
configured to expose Kubernetes Services using theOpenStack LBaaS.
Prerequisites
This guide assumes that you have a Google Distributed Cloud cluster running in
your OpenStack environment with a setup similar to what is explained in theDeploy Distributed Cloud on OpenStackguide. Follow that
guide first before trying these steps.
Configure the provider
The following section assumes that you are starting from a terminal window in
your local workstation.
Source the OpenStack client configuration (openrc) file. You can download
it from the OpenStack WebUI.
sourcePATH_TO_OPENRC_FILE/openrc
Create the configuration file for the OpenStack Kubernetes Cloud Provider.
OS_AUTH_URL,OS_USERNAME,OS_PASSWORD: These variables should be already set
in the environment by source-ing theopenrcfile. Thus, they will be
automatically picked up.
PUBLIC_NETWORK_ID: This is the publicly accessible
network in your OpenStack deployment from whichFloating IPsare
allocated. It is from this network theLoadBalancer IPsfor the
Kubernetes services will be assigned. You can use a command similar tothis oneto fetch this IP from your OpenStack environment.
ABM_NETWORK_SUBNET_ID: This is the subnet on the
private network in your OpenStack deployment from which IPs are allocated
for the VMs running Google Distributed Cloud. You can use a command similar
tothis oneto fetch this IP from your OpenStack environment.
Fetch thepublic floating IP addressof theabm-wsVM.
exportOPENSTACK_IPS=$(openstackfloatingiplist--tags=abm_ws_floatingip-fjson)exportFLOATING_IP=$(jq-c'.[]."Floating IP Address"'<<<$OPENSTACK_IPS|tr-d'"')
Copy thecloud.conffile into theabm-wsVM in OpenStack.
scp./cloud.confubuntu@$FLOATING_IP:~
Log in securely into theabm-wsVM via SSH and log in as arootuser.
Therootuser as configured by theTerraform scriptsisabm.
sshubuntu@$FLOATING_IPsudo-uabm-i
Copy thecloud.conffiles into the$HOMEdirectory of therootuser.
cp/home/ubuntu/cloud.conf$HOME
Create aKubernetes Secretwith the configuration.
# make sure the kubectl client is pointing towards your Anthos on bare metal clusterexportKUBECONFIG=~/bmctl-workspace/CLUSTER_NAME/CLUSTER_NAME-kubeconfig# store the provider configurations as a Kubernetes secretkubectlcreatesecret-nkube-systemgenericcloud-config--from-file=cloud.conf
Install the OpenStack Cloud Provider for Kubernetes.
# create the necessary roles for the OpenStack providerkubectlapply-fhttps://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/master/manifests/controller-manager/cloud-controller-manager-roles.yaml# create the required role-bindings for the OpenStack providerkubectlapply-fhttps://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/master/manifests/controller-manager/cloud-controller-manager-role-bindings.yaml# create the OpenStack controller managerkubectlapply-fhttps://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/master/manifests/controller-manager/openstack-cloud-controller-manager-ds.yaml
# wait for the external IP to be assignedkubectlgetserviceapi-server-lb
NAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGE
api-server-lbLoadBalancer10.203.77.215172.29.249.15980:32378/TCP4m12s
Point-Of-Sales application accessed using theEXTERNAL-IP.
You can notice a newOpenStack Load Balancerbeing created in OpenStack by
visiting the OpenStack WebUI.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis guide details how to configure the OpenStack Cloud Provider for Kubernetes within a Google Distributed Cloud cluster to leverage OpenStack LBaaS for exposing Kubernetes Services.\u003c/p\u003e\n"],["\u003cp\u003eThe setup requires a Google Distributed Cloud cluster in an OpenStack environment, similar to the one described in the "Deploy Distributed Cloud on OpenStack" guide, and assumes an environment configured using a specific Terraform script.\u003c/p\u003e\n"],["\u003cp\u003eConfiguration involves sourcing an OpenStack client configuration file, creating a \u003ccode\u003ecloud.conf\u003c/code\u003e file with OpenStack credentials and network details, and copying it to the \u003ccode\u003eabm-ws\u003c/code\u003e VM.\u003c/p\u003e\n"],["\u003cp\u003eAfter configuring the \u003ccode\u003ecloud.conf\u003c/code\u003e file, you must create a Kubernetes Secret, and install the OpenStack Cloud Provider for Kubernetes via applying its required YAML manifest files.\u003c/p\u003e\n"],["\u003cp\u003eYou can validate the setup by deploying a sample application, exposing it via a LoadBalancer service, and observing the creation of a corresponding OpenStack Load Balancer.\u003c/p\u003e\n"]]],[],null,["# Configure the OpenStack Cloud Provider for Kubernetes\n\n\u003cbr /\u003e\n\nThis guide explains how to configure the\n[OpenStack Cloud Provider for Kubernetes](https://github.com/kubernetes/cloud-provider-openstack)\nin your Google Distributed Cloud cluster. The OpenStack Cloud Provider must be\nconfigured to expose Kubernetes Services using the\n[OpenStack LBaaS](https://docs.openstack.org/mitaka/networking-guide/config-lbaas.html).\n\nPrerequisites\n-------------\n\nThis guide assumes that you have a Google Distributed Cloud cluster running in\nyour OpenStack environment with a setup similar to what is explained in the\n[Deploy Distributed Cloud on OpenStack](/anthos/clusters/docs/bare-metal/1.16/installing/openstack-abm-install) guide. Follow that\nguide first before trying these steps.\n[](../images/openstack-setup.png) **Warning:** All the commands that follow assumes that the environment for Google Distributed Cloud in OpenStack was setup using this [Terraform script](https://github.com/GoogleCloudPlatform/anthos-samples/tree/master/anthos-bm-openstack-terraform#terraform-example-to-create-openstack-vms-for-anthos). Thus, the names (VM name, Network name, Root user etc.) used in the commands are what is used by the Terraform script. Please adjust the commands according to your setup if you configured the OpenStack environment manually.\n\nConfigure the provider\n----------------------\n\nThe following section assumes that you are starting from a terminal window in\nyour local workstation.\n\n1. Source the OpenStack client configuration (`openrc`) file. You can download\n it from the OpenStack WebUI.\n\n source \u003cvar translate=\"no\"\u003ePATH_TO_OPENRC_FILE\u003c/var\u003e/openrc\n\n2. Create the configuration file for the OpenStack Kubernetes Cloud Provider.\n\n cat \u003e cloud.conf \u003c\u003c EOF\n [Global]\n auth-url=${OS_AUTH_URL}\n username=${OS_USERNAME}\n password=${OS_PASSWORD}\n region=RegionOne\n tenant-name=admin\n domain-id=default\n # this is for using a self-signed cert if your using a CA then comment this line\n # and point to the CA certificate using the \"ca-file\" arg\n tls-Insecure=true \n\n [LoadBalancer]\n use-octavia=true\n # this is generally the public network on OpenStack\n floating-network-id=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003ePUBLIC_NETWORK_ID\u003c/span\u003e\u003c/var\u003e\n # this should be private network subnet where vip is allocated for the ABM nodes\n subnet-id=\u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-n\"\u003eABM_NETWORK_SUBNET_ID\u003c/span\u003e\u003c/var\u003e\n\n [BlockStorage]\n bs-version=v2\n EOF\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eOS_AUTH_URL\u003c/code\u003e\u003c/var\u003e, \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eOS_USERNAME\u003c/code\u003e\u003c/var\u003e, \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eOS_PASSWORD\u003c/code\u003e\u003c/var\u003e: These variables should be already set in the environment by source-ing the `openrc` file. Thus, they will be automatically picked up.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003ePUBLIC_NETWORK_ID\u003c/code\u003e\u003c/var\u003e: This is the publicly accessible network in your OpenStack deployment from which **Floating IPs** are allocated. It is from this network the `LoadBalancer IPs` for the Kubernetes services will be assigned. You can use a command similar to [this one](https://github.com/GoogleCloudPlatform/anthos-samples/blob/master/anthos-bm-openstack-terraform/docs/openstack_cloud_provider.md#4-get-the-id-of-the-public-network-in-openstack) to fetch this IP from your OpenStack environment.\n - \u003cvar translate=\"no\"\u003e\u003ccode translate=\"no\" dir=\"ltr\"\u003eABM_NETWORK_SUBNET_ID\u003c/code\u003e\u003c/var\u003e: This is the subnet on the private network in your OpenStack deployment from which IPs are allocated for the VMs running Google Distributed Cloud. You can use a command similar to [this one](https://github.com/GoogleCloudPlatform/anthos-samples/blob/master/anthos-bm-openstack-terraform/docs/openstack_cloud_provider.md#5-get-the-id-of-the-subnetwork-connecting-the-anthos-on-bare-metal-vms-in-openstack) to fetch this IP from your OpenStack environment.\n\n | **Note:** Edit the `cloud.conf` file to meet your needs and environment. What is shown here is only an example. For more information about all configuration parameters, see the [OpenStack Cloud Provider docs](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/openstack-cloud-controller-manager/using-openstack-cloud-controller-manager.md#config-openstack-cloud-controller-manager).\n3. Fetch the **public floating IP address** of the `abm-ws` VM.\n\n export OPENSTACK_IPS=$(openstack floating ip list --tags=abm_ws_floatingip -f json)\n export FLOATING_IP=$(jq -c '.[].\"Floating IP Address\"' \u003c\u003c\u003c $OPENSTACK_IPS | tr -d '\"')\n\n4. Copy the `cloud.conf` file into the `abm-ws` VM in OpenStack.\n\n scp ./cloud.conf ubuntu@$FLOATING_IP:~\n\n | **Note:** If you have public key authentication configured for your VM use the `\"-o IdentitiesOnly=yes -i \u003cPATH_TO_KEY\u003e\"` flags with the SCP/SSH commands.\n5. Log in securely into the `abm-ws` VM via SSH and log in as a `root` user.\n The `root` user as configured by the\n [Terraform scripts](https://github.com/GoogleCloudPlatform/anthos-samples/tree/master/anthos-bm-openstack-terraform#terraform-example-to-create-openstack-vms-for-anthos)\n is `abm`.\n\n ssh ubuntu@$FLOATING_IP\n sudo -u abm -i\n\n6. Copy the `cloud.conf` files into the `$HOME` directory of the `root` user.\n\n cp /home/ubuntu/cloud.conf $HOME\n\n7. Create a `Kubernetes Secret` with the configuration.\n\n # make sure the kubectl client is pointing towards your Anthos on bare metal cluster\n export KUBECONFIG=~/bmctl-workspace/\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e/\u003cvar translate=\"no\"\u003eCLUSTER_NAME\u003c/var\u003e-kubeconfig\n\n # store the provider configurations as a Kubernetes secret\n kubectl create secret -n kube-system generic cloud-config --from-file=cloud.conf\n\n8. Install the OpenStack Cloud Provider for Kubernetes.\n\n # create the necessary roles for the OpenStack provider\n kubectl apply -f https://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/master/manifests/controller-manager/cloud-controller-manager-roles.yaml\n\n # create the required role-bindings for the OpenStack provider\n kubectl apply -f https://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/master/manifests/controller-manager/cloud-controller-manager-role-bindings.yaml\n\n # create the OpenStack controller manager\n kubectl apply -f https://raw.githubusercontent.com/kubernetes/cloud-provider-openstack/master/manifests/controller-manager/openstack-cloud-controller-manager-ds.yaml\n\nValidate the OpenStack integration\n----------------------------------\n\n1. Deploy the sample\n [Point-Of-Sales application](https://github.com/GoogleCloudPlatform/point-of-sale).\n\n kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/anthos-samples/master/anthos-bm-openstack-terraform/resources/point-of-sales.yaml\n\n2. Verify if the application pods are running.\n\n kubectl get pods\n\n Expected output: \n\n NAME READY STATUS RESTARTS AGE\n api-server-7db4777f7f-zflk5 1/1 Running 0 74s\n inventory-58c6fb5568-dqk2x 1/1 Running 0 74s\n payments-68d5d65d5c-5mjl6 1/1 Running 0 74s\n\n3. Exposed the application via a service of type `LoadBalancer`.\n\n kubectl apply -f https://raw.githubusercontent.com/GoogleCloudPlatform/anthos-samples/master/anthos-bm-openstack-terraform/resources/point-of-sales-service.yaml\n\n4. Try accessing the service from a browser.\n\n # wait for the external IP to be assigned\n kubectl get service api-server-lb\n\n NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\n api-server-lb LoadBalancer 10.203.77.215 172.29.249.159 80:32378/TCP 4m12s\n\n Point-Of-Sales application accessed using the `EXTERNAL-IP`.\n [](../images/pos-app.png)\n\n \u003cbr /\u003e\n\n You can notice a new **OpenStack Load Balancer** being created in OpenStack by\n visiting the OpenStack WebUI.\n [](../images/k8s-lb-openstack.png)"]]
