This section describes the input parameters required to add an OpenStack provider. In addition, NSX-T backend networking requires specific configuration parameters.

An OpenStack provider requires the following information.

Table 1. OpenStack Authentication



Keystone Public URL

Full Keystone public endpoint URL including protocol (http or https), port and API version. For example,


OpenStack username


OpenStack password

Project name

OpenStack project name

Region name (Default: nova)

OpenStack region name

Domain name (optional)

OpenStack domain name. Leave blank when using version 2 of authentication API. Must be set for v3.

CA Certificate

Certificate for authentication with the OpenStack Keystone service that is located on the VMware Integrated OpenStack loadbalancer node at /usr/local/share/ca-sertificates/vio.crt.

Table 2. Image and Flavor



Image username

Used to establish SSH connection with cluster nodes. This user must be able run sudo without a password. For example, the default user for Ubuntu cloud images is ubuntu.

Image ID of the Ubuntu image

OpenStack image ID


The image must have '{"disk.EnableUUID":"TRUE"}' in the vmware_extra_config property.

Flavor ID

OpenStack flavor ID

Table 3. Networking and Security



NSX-T Networking

See Configuration Information for NSX-T Networking.

Security Group ID

Security group ID to be applied to all VMs

Internal Network ID of Kubernetes cluster network

Internal network ID used for nodes IPs

Internal network Subnet ID

Subnet ID of the internal network used for allocating the IPs

External Network ID used for floating IPs

External network ID used to assign floating IPs

Configuration Information for NSX-T Networking

NSX-T networking requires specific input parameters.



Manager address

NSX-T manager FQDN or IP


NSX-T manager username


NSX-T manager password

Tier 0 Router

Tier 0 router ID configured for OpenStack

Transport zone

Transport zone ID configured for OpenStack