Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version


Using Magnum for Pike and ran into the same issue. Please find below some detail about the issue, and the solution(s) I found.

The kubernetes nodes (both master and minions) need to reach several controller endpoints. At least the public Keystone, Heat, and Magnum endpoints, maybe more. The k8s nodes in my environment are also not able to resolve the controller hostname, and therefore can't reach the necessary endpoints.

I see three solutions to this issue.

1 Configure a DNS

This is probably the cleanest way to resolve the issue, especially if you intend to go prod. Configure a DNS and edit your magnum template to use this DNS :

openstack coe cluster template create [...] --dns-nameserver <my_DNS_IP> [...]

2 Configure local hostname resolution on your k8s nodes

This can be done by automatically pushing a /etc/hosts file into the k8s nodes. I did that by modifying the Heat templates used by Magnum.

In my case, the templates used for the Masters and Minions were found in this directory :


I added a resource configure_etc_hosts and added it to the init scripts in both files :

  configure_etc_hosts:       <---------------------------- Add this whole block
    type: OS::Heat::SoftwareConfig
      group: ungrouped
      config: |
        echo "<my_controller_IP> controller" >> /etc/hosts     <---- Change <my_controller_IP> to your actual controller IP
    type: OS::Heat::MultipartMime
        - config: {get_resource: configure_etc_hosts}      <-------------- Add this line
        - config: {get_resource: install_openstack_ca}
        - config: {get_resource: disable_selinux}

3 Change the controller endpoints to use IP addresses

According to me, this is not ideal for prod environments but can be useful for small test clusters.

You can edit the controller endpoints so the public endpoints for Keystone, Heat, and Magnum (at least, maybe more) are using the controller's IP address instead of the controller's hostname. The command to run, for example :

openstack endpoint set --url "http://<my_controller_IP>:8004/v1/%(tenant_id)s" d8be3b40d0724d89b2baa6f2aa8014a4

I know this is an old thread, but as I hit the same issues and found a solution, I believe this might be helpful for anyone in the same situation as me in the future.