From 65a9772adfc8ae7d463c9b3cbc87a5dcd1dc1791 Mon Sep 17 00:00:00 2001
From: Kevin Lefevre <lefevre.kevin@gmail.com>
Date: Sun, 20 Aug 2017 12:59:15 +0200
Subject: [PATCH] Add OpenStack LBaaS support (#1506)

---
 inventory/group_vars/all.yml                             | 8 ++++++++
 .../preinstall/templates/openstack-cloud-config.j2       | 9 +++++++++
 roles/kubespray-defaults/defaults/main.yaml              | 8 ++++++++
 3 files changed, 25 insertions(+)

diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 15d4037ff..cc77138b8 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -74,6 +74,14 @@ bin_dir: /usr/local/bin
 #azure_vnet_name:
 #azure_route_table_name:
 
+## When OpenStack is used, if LBaaSv2 is available you can enable it with the following variables.
+#openstack_lbaas_enabled: True
+#openstack_lbaas_subnet_id: "Neutron subnet ID (not network ID) to create LBaaS VIP"
+#openstack_lbaas_create_monitor: "yes"
+#openstack_lbaas_monitor_delay: "1m"
+#openstack_lbaas_monitor_timeout: "30s"
+#openstack_lbaas_monitor_max_retries: "3"
+
 ## Set these proxy values in order to update docker daemon to use proxies
 #http_proxy: ""
 #https_proxy: ""
diff --git a/roles/kubernetes/preinstall/templates/openstack-cloud-config.j2 b/roles/kubernetes/preinstall/templates/openstack-cloud-config.j2
index 8f13fc6b9..bc68d1ee5 100644
--- a/roles/kubernetes/preinstall/templates/openstack-cloud-config.j2
+++ b/roles/kubernetes/preinstall/templates/openstack-cloud-config.j2
@@ -7,3 +7,12 @@ tenant-id={{ openstack_tenant_id }}
 {% if openstack_domain_name is defined and openstack_domain_name != "" %}
 domain-name={{ openstack_domain_name }}
 {% endif %}
+
+{% if openstack_lbaas_enabled and openstack_lbaas_subnet_id %}
+[LoadBalancer]
+subnet-id={{ openstack_lbaas_subnet_id }}
+create-monitor={{ openstack_lbaas_create_monitor }}
+monitor-delay={{ openstack_lbaas_monitor_delay }}
+monitor-timeout={{ openstack_lbaas_monitor_timeout }}
+monitor-max-retries={{ openstack_lbaas_monitor_max_retries }}
+{% endif %}
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 8d327856f..c2152814f 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -115,6 +115,14 @@ k8s_image_pull_policy: IfNotPresent
 efk_enabled: false
 enable_network_policy: false
 
+## When OpenStack is used, if LBaaSv2 is available you can enable it with the following variables.
+openstack_lbaas_enabled: false
+openstack_lbaas_subnet_id: "Neutron subnet ID (not network ID) to create LBaaS VIP"
+openstack_lbaas_create_monitor: "yes"
+openstack_lbaas_monitor_delay: false
+openstack_lbaas_monitor_timeout: false
+openstack_lbaas_monitor_max_retries: false
+
 ## List of authorization modes that must be configured for
 ## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and
 ## 'RBAC' modes are tested.