Metakube will by default create all resources in SysEleven Stack it needs for a cluster.
You may want to manage them yourself, if you have special requirements.
Metakube may not prevent you from misconfiguring the network.
If you're unsure of what you need, please contact our support.
The Security Group created by default will allow the following traffic to/from your nodes:
NodePort (and LoadBalancer) type services.We don't recommend modifying the Security Group created by Metakube (metakube-<cluster-id>), since it's managed by Metakube and might receive automatic changes.
Openstack has a Security Group called default. This Security Group allows egress and traffic between members of the Security Group.
It's not suitable for Metakube clusters, since Octavia Load Balancers managed by Kubernetes won't work.
Please do not alter the rules in that Security Group!
You may want to use an existing Openstack network if you want more control over settings such as router configuration, or if you want to deploy other services next to your Metakube cluster in the same network.
The network needs at least one subnet that's used as the node network.
If it has multiple subnets, the one created first (the oldest) will be used.
IPv6 subnets (or dual stack setups), as they're now available in the FES region, are currently not supported.
This option is unavailable if you choose your own network.
By default, the nodes will be deployed in a subnet in the 192.168.1.0/24 IP range.
That may collide with other networks you control that need to be routable without NAT.
Or you may require a bigger IP space for more worker nodes.
You can change the IP range for the node subnet to a CIDR of your choice.