[ English | Indonesia | 한국어 (대한민국) | Deutsch | English (United Kingdom) ]

Kubernetes and Common Setup

Install Basic Utilities

To get started with OSH, we will need both git and curl.

sudo apt install git curl

Clone the OpenStack-Helm Repos

Once the host has been configured the repos containing the OpenStack-Helm charts should be cloned:

set -xe

git clone https://opendev.org/openstack/openstack-helm-infra.git
git clone https://opendev.org/openstack/openstack-helm.git

OSH Proxy & DNS Configuration


If you are not deploying OSH behind a proxy, skip this step and continue with “Deploy Kubernetes & Helm”.

In order to deploy OSH behind a proxy, add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml:

  http: http://PROXY_URL:PORT
  https: https://PROXY_URL:PORT


Depending on your specific proxy, https_proxy may be the same as http_proxy. Refer to your specific proxy documentation.

By default OSH will use Google DNS Server IPs (, and will update resolv.conf as a result. If those IPs are blocked by your proxy, running the OSH scripts will result in the inability to connect to anything on the network. These DNS nameserver entries can be changed by updating the external_dns_nameservers entry in the file openstack-helm-infra/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml.


These values can be retrieved by running:

systemd-resolve --status

Deploy Kubernetes & Helm

You may now deploy kubernetes, and helm onto your machine, first move into the openstack-helm directory and then run the following:

: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
make dev-deploy setup-host
make dev-deploy k8s

Alternatively, this step can be performed by running the script directly:


This command will deploy a single node KubeADM administered cluster. This will use the parameters in ${OSH_INFRA_PATH}/playbooks/vars.yaml to control the deployment, which can be over-ridden by adding entries to ${OSH_INFRA_PATH}/tools/gate/devel/local-vars.yaml.

Helm Chart Installation

Using the Helm packages previously pushed to the local Helm repository, run the following commands to instruct tiller to create an instance of the given chart. During installation, the helm client will print useful information about resources created, the state of the Helm releases, and whether any additional configuration steps are necessary.

Install OpenStack-Helm


The following commands all assume that they are run from the openstack-helm directory and the repos have been cloned as above.

Setup Clients on the host and assemble the charts

The OpenStack clients and Kubernetes RBAC rules, along with assembly of the charts can be performed by running the following commands:

sudo -H -E pip3 install \
  -c${UPPER_CONSTRAINTS_FILE:=https://releases.openstack.org/constraints/upper/master} \
  cmd2 python-openstackclient python-heatclient --ignore-installed

sudo -H mkdir -p /etc/openstack
sudo -H chown -R $(id -un): /etc/openstack
tee /etc/openstack/clouds.yaml << EOF
    region_name: RegionOne
    identity_api_version: 3
      username: 'admin'
      password: 'password'
      project_name: 'admin'
      project_domain_name: 'default'
      user_domain_name: 'default'
      auth_url: 'http://keystone.openstack.svc.cluster.local/v3'

#NOTE: Build helm-toolkit, most charts depend on helm-toolkit
make helm-toolkit

Alternatively, this step can be performed by running the script directly:


Deploy the ingress controller

#NOTE: Get the over-rides to use
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
: ${OSH_EXTRA_HELM_ARGS_INGRESS:="$(./tools/deployment/common/get-values-overrides.sh ingress)"}

#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} ingress

#NOTE: Deploy command
tee /tmp/ingress-kube-system.yaml << EOF
  mode: cluster
  type: DaemonSet
  host_namespace: true

touch /tmp/ingress-component.yaml

if [ -n "${OSH_DEPLOY_MULTINODE}" ]; then
  tee --append /tmp/ingress-kube-system.yaml << EOF
    error_page: 2

  tee /tmp/ingress-component.yaml << EOF
    ingress: 2
    error_page: 2

helm upgrade --install ingress-kube-system ${HELM_CHART_ROOT_PATH}/ingress \
  --namespace=kube-system \
  --values=/tmp/ingress-kube-system.yaml \

#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system

#NOTE: Display info
helm status ingress-kube-system

#NOTE: Deploy namespace ingress
helm upgrade --install ingress-openstack ${HELM_CHART_ROOT_PATH}/ingress \
  --namespace=openstack \
  --values=/tmp/ingress-component.yaml \

#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack

#NOTE: Display info
helm status ingress-openstack

helm upgrade --install ingress-ceph ${HELM_CHART_ROOT_PATH}/ingress \
  --namespace=ceph \
  --values=/tmp/ingress-component.yaml \

#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh ceph

#NOTE: Display info
helm status ingress-ceph

Alternatively, this step can be performed by running the script directly:


To continue to deploy OpenStack on Kubernetes via OSH, see Deploy NFS or Deploy Ceph.