OpenStack Provider Setup

Purpose: For platform engineers, shows how to configure the OpenStack provider for production Kubernetes deployments on Rackspace OpenStack.

Prerequisites

Rackspace OpenStack account with API access
Application credentials created in Horizon or via CLI
Network and subnet pre-provisioned (or permissions to create them)
Floating IP pool available for load balancers
openCenter CLI installed (see CLI Installation)

Create Application Credentials

Generate application credentials in OpenStack (preferred over username/password):

openstack application credential create opencenter-deployer \
  --description "openCenter cluster provisioning"

Save the id and secret from the output.

Initialize Cluster

opencenter cluster init prod-cluster --org my-org --type openstack

Configure Provider Section

opencenter cluster edit prod-cluster

Set the OpenStack provider block:

opencenter:
  infrastructure:
    provider: openstack
    cloud:
      openstack:
        auth_url: https://identity.api.rackspacecloud.com/v3
        region: sjc3
        application_credential_id: ${OPENSTACK_APP_CRED_ID}
        application_credential_secret: ${OPENSTACK_APP_CRED_SECRET}
        network_name: my-network
        subnet_id: <subnet-uuid>
        floating_ip_pool: external
        image: Ubuntu-24.04
        flavor_control_plane: general1-8
        flavor_worker: general1-16
        availability_zone: nova

OpenStack-Specific Considerations

Serial API Calls

All OpenStack clusters default to provider-requires-serial-api-calls: true for the Cloud Controller Manager. This prevents load balancer API race conditions on Rackspace OpenStack. See ADR-002 for details.

Required Services

OpenStack clusters automatically include:

openstack-ccm — Cloud Controller Manager for LB and node integration
openstack-csi — Cinder CSI driver for persistent volumes
external-snapshotter — Volume snapshot support
metallb — LoadBalancer service type (when floating IPs are not used)

Storage Classes

The OpenStack CSI driver creates StorageClasses for Cinder volume types. Default is cinder-default with volumeType: __DEFAULT__.

Validate and Deploy

# Validate (checks OpenStack API connectivity and resource availability)
opencenter cluster validate prod-cluster

# Generate GitOps repository
opencenter cluster setup prod-cluster --render

# Provision infrastructure with Terraform
cd customers/my-org/infrastructure/clusters/prod-cluster/
terraform init
terraform apply

# Deploy Kubernetes with Kubespray
# (runs automatically via Terraform provisioner, or manually)

# Bootstrap FluxCD
opencenter cluster bootstrap prod-cluster

Verification

# Check OpenStack CCM is running
kubectl get pods -n kube-system -l app=openstack-cloud-controller-manager

# Verify Cinder CSI
kubectl get csidrivers | grep cinder

# Test LoadBalancer service
kubectl create service loadbalancer test-lb --tcp=80:80
kubectl get svc test-lb  # Should get an external IP
kubectl delete svc test-lb

Prerequisites​

Create Application Credentials​

Initialize Cluster​

Configure Provider Section​

OpenStack-Specific Considerations​

Serial API Calls​

Required Services​

Storage Classes​

Validate and Deploy​

Verification​