Beginning with OKD 4.12, clusters that run on OpenStack were switched from the legacy OpenStack cloud provider to the external OpenStack Cloud Controller Manager (CCM). This change follows the move in Kubernetes from in-tree, legacy cloud providers to external cloud providers that are implemented by using the Cloud Controller Manager.
To preserve user-defined configurations for the legacy cloud provider, existing configurations are mapped to new ones as part of the migration process. The migration process searches for a configuration called cloud-provider-config in the openshift-config namespace.
| The config map name cloud-provider-config is not statically configured. It is derived from the spec.cloudConfig.name value in the infrastructure/cluster CRD. |
Found configurations are synchronized to the cloud-conf config map in the openshift-cloud-controller-manager namespace.
As part of this synchronization, the OpenStack CCM Operator alters the new config map such that its properties are compatible with the external cloud provider. The file is changed in the following ways:
The [Global] secret-name, [Global] secret-namespace, and [Global] kubeconfig-path options are removed. They do not apply to the external cloud provider.
The [Global] use-clouds, [Global] clouds-file, and [Global] cloud options are added.
The entire [BlockStorage] section is removed. External cloud providers no longer perform storage operations. Block storage configuration is managed by the Cinder CSI driver.
Additionally, the CCM Operator enforces a number of default options. Values for these options are always overridden as follows:
```ini
[Global]
use-clouds = true
clouds-file = /etc/openstack/secret/clouds.yaml
cloud = openstack
...
[LoadBalancer]
enabled = true
```

The clouds-file value, /etc/openstack/secret/clouds.yaml, is mapped to the openstack-cloud-credentials config in the openshift-cloud-controller-manager namespace. You can modify the OpenStack cloud in this file as you do any other clouds.yaml file.
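The synchronization rules listed above can be modelled offline to preview what a legacy cloud.conf looks like after migration and which of its settings are dropped or overridden. This is an added example, not the CCM Operator's own code: `preview_sync`, `SAMPLE_LEGACY` and the sample option values are assumptions for illustration, and Python's `configparser` only approximates the file format.

```python
import configparser
import io

# Options the page lists as removed from [Global] during synchronization.
REMOVED_GLOBAL = ("secret-name", "secret-namespace", "kubeconfig-path")
# Options the page lists as always overridden by the CCM Operator.
ENFORCED = {
    "Global": {"use-clouds": "true", "cloud": "openstack",
               "clouds-file": "/etc/openstack/secret/clouds.yaml"},
    "LoadBalancer": {"enabled": "true"},
}
# Constructed legacy cloud.conf for illustration (not from a real cluster).
SAMPLE_LEGACY = """\
[Global]
secret-name = openstack-credentials
secret-namespace = kube-system
region = regionOne
[BlockStorage]
ignore-volume-az = yes
[LoadBalancer]
enabled = false
"""


def preview_sync(legacy_conf):
    """Return (new_conf_text, changes) for a legacy cloud.conf string."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str  # keep option names exactly as written
    cfg.read_string(legacy_conf)
    changes = []
    if cfg.remove_section("BlockStorage"):
        changes.append("removed section [BlockStorage]")
    for opt in REMOVED_GLOBAL:
        if cfg.has_section("Global") and cfg.remove_option("Global", opt):
            changes.append(f"removed [Global] {opt}")
    for section, opts in ENFORCED.items():
        if not cfg.has_section(section):
            cfg.add_section(section)
        for opt, value in opts.items():
            old = cfg.get(section, opt, fallback=None)
            if old != value:
                changes.append(f"set [{section}] {opt} = {value} (was {old})")
            cfg.set(section, opt, value)
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue(), changes


if __name__ == "__main__":
    new_conf, changes = preview_sync(SAMPLE_LEGACY)
    print(new_conf)
    print("\n".join(changes))
```

The change list makes it easy to spot settings that will not survive the migration, such as a load balancer that was deliberately disabled in the legacy file.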
An OpenStack CCM config map defines how your cluster interacts with your OpenStack cloud. By default, this configuration is stored under the cloud.conf key in the cloud-conf config map in the openshift-cloud-controller-manager namespace.
| The  To change the settings that are described by the  As part of this synchronization, the CCM Operator overrides some options. For more information, see "The OpenStack Cloud Controller Manager". | 
For example:
cloud-conf config map

```yaml
apiVersion: v1
data:
  cloud.conf: |
    [Global] (1)
    secret-name = openstack-credentials
    secret-namespace = kube-system
    region = regionOne
    [LoadBalancer]
    enabled = True
kind: ConfigMap
metadata:
  creationTimestamp: "2022-12-20T17:01:08Z"
  name: cloud-conf
  namespace: openshift-cloud-controller-manager
  resourceVersion: "2519"
  uid: cbbeedaf-41ed-41c2-9f37-4885732d3677
```

| 1 | Set global options by using a clouds.yaml file rather than modifying the config map. |
The following options are present in the config map. Except when indicated otherwise, they are mandatory for clusters that run on OpenStack.
CCM supports several load balancer options for deployments that use Octavia.
| Neutron-LBaaS support is deprecated. | 
| Option | Description |
|---|---|
|  | Whether or not to enable the  |
|  | Optional. The external network used to create floating IP addresses for load balancer virtual IP addresses (VIPs). If there are multiple external networks in the cloud, this option must be set or the user must specify  |
|  | Optional. The external network subnet used to create floating IP addresses for the load balancer VIP. Can be overridden by the service annotation  |
|  | Optional. A name pattern (glob or regular expression if starting with  |
|  | Optional. Tags for the external network subnet used to create floating IP addresses for the load balancer VIP. Can be overridden by the service annotation  If the OpenStack network is configured with sharing disabled, for example, with the  |
|  | The load balancing algorithm used to create the load balancer pool. For the Amphora provider the value can be  For the OVN provider, only the  For the Amphora provider, if using the  |
|  | Optional. Used to specify the provider of the load balancer, for example,  |
|  | Optional. The load balancer API version. Only  |
|  | The ID of the Networking service subnet on which load balancer VIPs are created. For dual stack deployments, leave this option unset. The OpenStack cloud provider automatically selects which subnet to use for a load balancer. |
|  | The ID of the Networking service network on which load balancer VIPs are created. Unnecessary if  |
|  | Whether or not to create a health monitor for the service load balancer. A health monitor is required for services that declare  This option is unsupported if you use OpenStack earlier than version 17 with the  |
|  | The interval in seconds by which probes are sent to members of the load balancer. The default value is  |
|  | The number of successful checks that are required to change the operating status of a load balancer member to  |
|  | The time in seconds that a monitor waits to connect to the back end before it times out. The default value is  |
|  | Whether or not to create an internal load balancer without floating IP addresses. The default value is  |
|  | This is a config section that comprises a set of options: The behavior of these options is the same as that of the identically named options in the load balancer section of the CCM config file. You can set the  |
|  | The maximum number of services that can share a load balancer. The default value is  |
The CCM Operator overrides the following options, which you might recognize from configuring OpenStack. Do not configure them yourself. They are included in this document for informational purposes only.
| Option | Description |
|---|---|
|  | The OpenStack Identity service URL. For example,  |
|  | The type of endpoint to use from the service catalog. |
|  | The Identity service user name. |
|  | The Identity service user password. |
|  | The Identity service user domain ID. |
|  | The Identity service user domain name. |
|  | The Identity service project ID. Leave this option unset if you are using Identity service application credentials. In version 3 of the Identity API, which changed the identifier  |
|  | The Identity service project name. |
|  | The Identity service project domain ID. |
|  | The Identity service project domain name. |
|  | The Identity service user domain ID. |
|  | The Identity service user domain name. |
|  | Whether or not to fetch authorization credentials from a  CCM searches for the file in the following places: |
|  | The file path of a  |
|  | The named cloud in the  |