Bring Your Own Resources
Introduction
By default, Switch Cloud Kubernetes (SCK) creates a network, subnet(s), router, and security group for each new cluster. However, if you need more control, you can bring your own (BYO) OpenStack resources created in the Switch Cloud Compute (SCC) service and use them during cluster creation.
Important
The resources created automatically by SCK are also deleted during cluster deletion. However, BYO resources are not removed. You are responsible for managing and removing those resources manually if they are no longer needed.
Example Scenarios
You can use BYO resources flexibly, depending on your needs:
- Custom security group only: Use your own firewall rules, while SCK creates the network, subnets, and router.
- Custom network and subnets only: Attach clusters to a project network with specific addressing, but use SCK-generated router and security group.
- Custom router only: Provide your own router for connectivity, while other resources are created by SCK.
- Combined BYO setup: Provide any combination of your own network, subnets, router, and security group, while letting SCK create the rest.
- Full BYO setup: Use your own network, subnets, router, and security group.
Prerequisites
Before creating the cluster, you must prepare the required resources in SCC. Use the following guides to create them:
Create a Cluster with Your Own Resources
You can choose to use the previously created resources in the Settings step when creating a cluster. When you select the Provider Preset, your security group, network and subnets will be available to select in the Advanced Settings section. Select the desired resources and continue with the cluster creation as usual.
Note that you cannot choose your own router at this step. SCK will create a new router and attach it to the relevant subnet(s) automatically unless one of the following conditions is true:
- You have selected a subnet which already has a router attached. Therefore, if you also want to use your own router, create it and attach it to the relevant subnet before creating a cluster.
- You have selected the Skip Router Reconciliation feature at the Cluster step when creating a cluster. This is especially useful when you want to bring your own router only.
Tip
You can view the interactive, visual map of all your project's networks, subnets, routers, and instances, and how they are connected in the Horizon Dashboard under Project > Network > Network Topology. The naming convention for the router, network, security group, and subnets created automatically by SCK is kubernetes-<cluster_id> (kubernetes-<cluster_id>-ipv6 for IPv6 subnet).
Important
If you want to use your own router for a dual-stack cluster, remember to attach the router to both IPv4 and IPv6 subnets.
Bring Your Own Router Only
If you only want more control over the router and do not need to manage other resources, it is recommended to use the Skip Router Reconciliation feature at cluster creation and set the number of replicas in the initial MachineDeployment to 0. When the cluster is running, attach your router to the relevant subnet(s) and increase the number of replicas or add additional MachineDeployments afterwards.
If you want to delete such a cluster, first detach (or, if preferred, delete) your router. Otherwise, the cluster deletion will get stuck. You can still detach or delete the router if the cluster deletion is stuck. The deletion process will then continue.
Important
Your router must connect the cluster subnet(s) to the public network. The worker nodes require internet access.
Note
Instead of an OpenStack router, you can run a VM that acts as a router. This enables advanced features such as traffic filtering. However, we do not provide instructions or support for this setup.
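The router requirements above (an interface on every cluster subnet, on both the IPv4 and IPv6 subnets for dual-stack, and a gateway to the public network) can be verified before you increase the number of replicas. The following Python check is an added example, not part of the SCK documentation; it assumes the JSON field names printed by `openstack router show <router> -f json` and `openstack port list --router <router> -f json`, and all names and IDs in it are constructed placeholders.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `openstack router show <router> -f json` and
# `openstack port list --router <router> -f json` (field names are assumed).
ROUTER_JSON = '''{"name": "my-router",
 "external_gateway_info": {"network_id": "net-public-0001", "enable_snat": true}}'''
PORTS_JSON = '''[
 {"ID": "port-a",
  "Fixed IP Addresses": [{"subnet_id": "subnet-v4", "ip_address": "10.0.0.1"}]}
]'''


def preflight(router, ports, cluster_subnets, public_network_id):
    """Return a list of problems; an empty list means the router is ready.

    cluster_subnets maps a label ("ipv4", "ipv6") to the ID of a subnet
    selected for the cluster; pass both labels for a dual-stack cluster.
    """
    problems = []
    # external_gateway_info is null when the router has no external gateway.
    gateway = router.get("external_gateway_info") or {}
    if gateway.get("network_id") != public_network_id:
        problems.append("router has no gateway on the public network")
    # Collect every subnet on which the router has an interface port.
    attached = {ip["subnet_id"] for port in ports
                for ip in port.get("Fixed IP Addresses") or []}
    for label, subnet_id in sorted(cluster_subnets.items()):
        if subnet_id not in attached:
            problems.append(
                f"router is not attached to the {label} subnet {subnet_id}")
    return problems


def check(router_json, ports_json, cluster_subnets, public_network_id):
    """Parse the two CLI JSON documents and run the preflight check."""
    return preflight(json.loads(router_json), json.loads(ports_json),
                     cluster_subnets, public_network_id)


if __name__ == "__main__":
    dual_stack = {"ipv4": "subnet-v4", "ipv6": "subnet-v6"}
    for problem in check(ROUTER_JSON, PORTS_JSON, dual_stack, "net-public-0001"):
        print("FAIL:", problem)
```

With the constructed data, the dual-stack run reports the missing IPv6 attachment, the case the dual-stack note warns about.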