diff --git a/dt/uni04delta-ipv6/kustomization.yaml b/dt/uni04delta-ipv6/kustomization.yaml index 37affda58..9d1906062 100644 --- a/dt/uni04delta-ipv6/kustomization.yaml +++ b/dt/uni04delta-ipv6/kustomization.yaml @@ -82,6 +82,7 @@ replacements: - spec.neutron.template.customServiceConfig options: create: true + - source: kind: ConfigMap name: network-values diff --git a/dt/uni04delta-ipv6/nad.yaml b/dt/uni04delta-ipv6/nad.yaml index 5cf4d4cce..0b072b91d 100644 --- a/dt/uni04delta-ipv6/nad.yaml +++ b/dt/uni04delta-ipv6/nad.yaml @@ -9,3 +9,14 @@ metadata: spec: config: | _replaced_ +--- +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: octavia + labels: + osp/net: octavia + osp/net-attach-def-type: standard +spec: + config: | + _replaced_ diff --git a/dt/uni04delta-ipv6/nncp/kustomization.yaml b/dt/uni04delta-ipv6/nncp/kustomization.yaml index 1e6c1cee2..f8efe3140 100644 --- a/dt/uni04delta-ipv6/nncp/kustomization.yaml +++ b/dt/uni04delta-ipv6/nncp/kustomization.yaml @@ -118,6 +118,59 @@ patches: name: master-2 patch: *routes + - target: + kind: NodeNetworkConfigurationPolicy + name: master-0 + patch: &octvlan |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia vlan host interface + name: octavia + state: up + type: vlan + vlan: + base-iface: _replaced_ + id: _replaced_ + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-1 + patch: *octvlan + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-2 + patch: *octvlan + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-0 + patch: &octbridge |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia bridge + mtu: 1500 + name: octbr + type: linux-bridge + bridge: + options: + stp: + enabled: false + port: + - name: octavia + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-1 + patch: *octbridge + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-2 + patch: *octbridge + replacements: - source: @@ -260,3 +313,45 @@ replacements: name: master-2 fieldPaths: - spec.desiredState.routes.config.1.destination + + - source: + kind: ConfigMap + name: network-values + fieldPath: data.octavia.base_iface + targets: + - select: + kind: NodeNetworkConfigurationPolicy + name: master-0 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + - select: + kind: NodeNetworkConfigurationPolicy + name: master-1 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + - select: + kind: NodeNetworkConfigurationPolicy + name: master-2 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + + - source: + kind: ConfigMap + name: network-values + fieldPath: data.octavia.vlan + targets: + - select: + kind: NodeNetworkConfigurationPolicy + name: master-0 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id + - select: + kind: NodeNetworkConfigurationPolicy + name: master-1 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id + - select: + kind: NodeNetworkConfigurationPolicy + name: master-2 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id diff --git a/examples/dt/uni04delta-ipv6/README.md b/examples/dt/uni04delta-ipv6/README.md index adb708004..a4104c803 100644 --- a/examples/dt/uni04delta-ipv6/README.md +++ b/examples/dt/uni04delta-ipv6/README.md @@ -41,6 +41,7 @@ and Manila OpenStack services configured with Ceph. | Tenant | VLAN tagged | | StorageManagement | VLAN tagged | | ironic | untagged | +| octavia | VLAN tagged | ### Services, enabled features and configurations @@ -55,6 +56,7 @@ and Manila OpenStack services configured with Ceph. | Barbican | | Must have | | Ironic | | Must have | | Telemetry | | Must have | +| Octavia | | Must have | #### Support services @@ -76,6 +78,60 @@ work properly and can be deployed with any/default configuration. - Default settings: TLSe - Cluster Observability Operator is installed on the platform. +##### Octavia + +Octavia is enabled with the appropriate network attachments configured to +deploy Octavia. It manages amphorae VMs through a self-service tenant network. +The Octavia Amphora controllers get access to it through a Neutron externally +routed flat provider network configured as a SNAT-less gateway for a neutron +router linked to the tenant networks. Host routes on the tenant network's +subnet and routes on the network attachment provide the required `next hop` +routing to establish the necessary bidirectional routing. + +This arrangement requires a network attachment for connecting the OVN and +Amphora Controller pods (octavia-housekeeping, octavia-healthmanager, +octavia-worker). Because Neutron ML2/OVN implements provider networks by +bridging the relevant physical interface - in this case the network-attachment, +there is an additional requirement that this attachment function when +bridged. As the default macvlan attachments do not function when bridged, a +bridge network attachment is used. + +Bridge attachments do not directly provide connectivity outside of the OCP +node. To implement this, the NodeNetworkConfigurationPolicy creates an VLAN +interface as is typical for the other networks, but does not configure an IP +pool as it is not needed. It is also not configured for metallb as it is solely +as part of a way to establish a L2 network link between nodes. The +NodeNetworkConfigurationPolicy also configures an octbr linux bridge which is +configured as the bridge for the network attachment mentioned above. It is also +configured to add the VLAN interface as a port, effectively linking the nodes +and the network attachments. + +```YAML +spec: + octavia: + enabled: true + template: + octaviaAPI: + networkAttachments: + - internalapi + octaviaHousekeeping: + networkAttachments: + - octavia + octaviaWorker: + networkAttachments: + - octavia + octaviaHealthManager: + networkAttachments: + - octavia + + ovn: + template: + ovncontroller: + nicMappings: + datacentre: ospbr + octavia: octbr +``` + ## Considerations/Constraints N/A diff --git a/examples/dt/uni04delta-ipv6/control-plane/nncp/values.yaml b/examples/dt/uni04delta-ipv6/control-plane/nncp/values.yaml index 523b7d31b..aab23f1df 100644 --- a/examples/dt/uni04delta-ipv6/control-plane/nncp/values.yaml +++ b/examples/dt/uni04delta-ipv6/control-plane/nncp/values.yaml @@ -99,6 +99,34 @@ data: "range_end": "2620:cf:cf:bbbb::70" } } + + octavia: + dnsDomain: octavia.openstack.lab + mtu: 1500 + prefix-length: 64 + base_iface: enp7s0 + iface: octaviavlan + vlan: 25 + net-attach-def: | + { + "cniVersion": "0.3.1", + "name": "octavia", + "type": "bridge", + "bridge": "octbr", + "ipam": { + "type": "whereabouts", + "range": "2620:cf:ce:aaaa::/64", + "range_start": "2620:cf:ce:aaaa::30", + "range_end": "2620:cf:ce:aaaa::70", + "routes": [ + { + "dst": "fd6c:6261:6173:0001::/64", + "gw": "2620:cf:ce:aaaa::0096" + } + ] + } + } + storage: dnsDomain: storage.example.com subnets: diff --git a/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml b/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml index d96bf8bb0..9d871d5d6 100644 --- a/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml +++ b/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml @@ -168,6 +168,23 @@ data: compute-ironic: computeDriver: ironic.IronicDriver + octavia: + enabled: true + amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image + apacheContainerImage: registry.redhat.io/ubi9/httpd-24:latest + octaviaAPI: + networkAttachments: + - internalapi + octaviaHousekeeping: + networkAttachments: + - octavia + octaviaHealthManager: + networkAttachments: + - octavia + octaviaWorker: + networkAttachments: + - octavia + ovn: ovnController: nicMappings: