Merge pull request #622 from eduolivares/bgp-octavia-3

[BGP+AmphoraLBs] Fix network configuration

Amphora LBs did not work properly with BGP.
With this change, network configuration is modified to:

configure NNCP with proper routes from OCP workers to octavia mgmt network (tenant network used by amphora VMs)
configure octavia NAD with proper routes to the octavia mgmt network
add br-octavia and the corresponding ovn bridge mapping to dataplane nodes
ovn-bgp-agent expose-tenant-networks is enabled to advertise via BGP routes to octavia mgmt IPs

OSPRH-10768
Depends-On: openstack-k8s-operators/ci-framework#3314

Reviewed-by: Candido Campos Rivas
Reviewed-by: Andrew Bays <[email protected]>

Author: softwarefactory-project-zuul[bot]

examples/dt/bgp_dt01/control-plane/kustomization.yaml

@@ -132,3 +132,16 @@ replacements:
           - spec.neutron.template.customServiceConfig
         options:
           create: true
+
+  # configure octavia nodeSelector
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.octavia.nodeSelector
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.octavia.template.nodeSelector
+        options:
+          create: true

examples/dt/bgp_dt01/control-plane/networking/kustomization.yaml

@@ -26,6 +26,19 @@ resources:
   - ocp_networks_netattach.yaml
 
 patches:
+  # Add octavia network to NetConfig
+  - target:
+      kind: NetConfig
+      name: netconfig
+    patch: |-
+      - op: add
+        path: /spec/networks/-
+        value:
+          dnsDomain: octavia.example.com
+          name: octavia
+          subnets:
+            - _replaced_
+          mtu: 1500
   # Add BGPPeer to BGPAdvertisement
   - target:
       kind: BGPAdvertisement
@@ -65,6 +78,16 @@ patches:
       $patch: delete
 
 replacements:
+  # octavia NetConfig kustomizations
+  - source:
+      kind: ConfigMap
+      name: network-values
+      fieldPath: data.octavia.subnets
+    targets:
+      - select:
+          kind: NetConfig
+        fieldPaths:
+          - spec.networks.[name=octavia].subnets
   # BGP peer IP addresses
   # node3
   - source:

examples/dt/bgp_dt01/control-plane/networking/nncp/kustomization.yaml

@@ -107,19 +107,6 @@ patches:
           name: _replaced_
           mtu: 65536
           state: up
-  - target:
-      kind: NodeNetworkConfigurationPolicy
-    patch: |-
-      - op: add
-        path: /spec/desiredState/interfaces/-
-        value:
-          description: Octavia vlan host interface
-          name: octavia
-          state: up
-          type: vlan
-          vlan:
-            base-iface: _replaced_
-            id: _replaced_
   - target:
       kind: NodeNetworkConfigurationPolicy
     patch: |-
@@ -128,14 +115,9 @@ patches:
         value:
           description: Octavia bridge
           mtu: 1500
-          name: octbr
+          name: octavia
           type: linux-bridge
-          bridge:
-            options:
-              stp:
-                enabled: false
-            port:
-              - name: octavia
+          state: up
   # Fix roles on masters
   - target:
       kind: NodeNetworkConfigurationPolicy
@@ -692,26 +674,6 @@ replacements:
           name: worker-3
         fieldPaths:
           - spec.desiredState.interfaces.5.ipv6.address.0.prefix-length
-  # Octavia
-  - source:
-      kind: ConfigMap
-      name: network-values
-      fieldPath: data.octavia.base_iface
-    targets:  # octavia interfaces are needed on the workers, except worker-3
-      - select:
-          kind: NodeNetworkConfigurationPolicy
-        fieldPaths:
-          - spec.desiredState.interfaces.[name=octavia].vlan.base-iface
-
-  - source:
-      kind: ConfigMap
-      name: network-values
-      fieldPath: data.octavia.vlan
-    targets:  # octavia interfaces are needed on the workers, except worker-3
-      - select:
-          kind: NodeNetworkConfigurationPolicy
-        fieldPaths:
-          - spec.desiredState.interfaces.[name=octavia].vlan.id
   # Overwrite worker-3 base routes
   - source:
       kind: ConfigMap

examples/dt/bgp_dt01/control-plane/networking/nncp/values.yaml

@@ -23,13 +23,7 @@ data:
     loopback_ip: 99.99.0.3
     loopback_ipv6: f00d:f00d:f00d:f00d:f00d:f00d:f00d:13
     routes:
-      config:
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.64.0.9
-          next-hop-interface: enp7s0
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.65.0.9
-          next-hop-interface: enp8s0
+      config: []
   node_1:
     name: master-1
     internalapi_ip: 172.17.0.6
@@ -45,13 +39,7 @@ data:
     loopback_ip: 99.99.1.3
     loopback_ipv6: f00d:f00d:f00d:f00d:f00d:f00d:f00d:23
     routes:
-      config:
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.64.1.9
-          next-hop-interface: enp7s0
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.65.1.9
-          next-hop-interface: enp8s0
+      config: []
   node_2:
     name: master-2
     internalapi_ip: 172.17.0.7
@@ -67,13 +55,7 @@ data:
     loopback_ip: 99.99.2.3
     loopback_ipv6: f00d:f00d:f00d:f00d:f00d:f00d:f00d:33
     routes:
-      config:
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.64.2.9
-          next-hop-interface: enp7s0
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.65.2.9
-          next-hop-interface: enp8s0
+      config: []
   node_3:
     name: worker-0
     internalapi_ip: 172.17.0.8
@@ -96,6 +78,13 @@ data:
         - destination: 99.99.0.0/16
           next-hop-address: 100.65.0.13
           next-hop-interface: enp8s0
+        # routes to octavia mgmt network
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.64.0.13
+          next-hop-interface: enp7s0
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.65.0.13
+          next-hop-interface: enp8s0
   node_4:
     name: worker-1
     internalapi_ip: 172.17.0.9
@@ -118,6 +107,13 @@ data:
         - destination: 99.99.0.0/16
           next-hop-address: 100.65.1.13
           next-hop-interface: enp8s0
+        # routes to octavia mgmt network
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.64.1.13
+          next-hop-interface: enp7s0
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.65.1.13
+          next-hop-interface: enp8s0
   node_5:
     name: worker-2
     internalapi_ip: 172.17.0.10
@@ -140,6 +136,13 @@ data:
         - destination: 99.99.0.0/16
           next-hop-address: 100.65.2.13
           next-hop-interface: enp8s0
+        # routes to octavia mgmt network
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.64.2.13
+          next-hop-interface: enp7s0
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.65.2.13
+          next-hop-interface: enp8s0
   node_6:
     name: worker-3
     internalapi_ip: 172.17.0.11
@@ -158,6 +161,10 @@ data:
         - destination: 192.168.133.0/24
           next-hop-address: 100.64.10.1
           next-hop-interface: enp7s0
+        # routes to octavia mgmt network
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.64.10.1
+          next-hop-interface: enp7s0
 
   # networks
   ctlplane:
@@ -336,6 +343,13 @@ data:
       }
   octavia:
     dnsDomain: octavia.openstack.lab
+    subnets:
+      - allocationRanges:
+          - end: 172.23.0.250
+            start: 172.23.0.100
+        cidr: 172.23.0.0/24
+        name: subnet1
+        vlan: 23
     mtu: 1500
     vlan: 23
     base_iface: enp6s0
@@ -344,18 +358,22 @@ data:
         "cniVersion": "0.3.1",
         "name": "octavia",
         "type": "bridge",
-        "bridge": "octbr",
+        "isDefaultGateway": true,
+        "isGateway": true,
+        "forceAddress": false,
+        "ipMasq": false,
+        "hairpinMode": true,
+        "bridge": "octavia",
         "ipam": {
           "type": "whereabouts",
           "range": "172.23.0.0/24",
+          "routes": [{
+               "dst": "172.24.0.0/16",
+               "gw": "172.23.0.1"
+          }],
           "range_start": "172.23.0.30",
           "range_end": "172.23.0.70",
-          "routes": [
-            {
-              "dst": "172.24.0.0/16",
-              "gw": "172.23.0.150"
-            }
-          ]
+          "gateway": "172.23.0.1"
         }
       }
 
@@ -486,13 +504,7 @@ data:
           bgp_peer: 100.65.0.9
           bgp_ip: 100.65.0.10
         routes:
-          config:
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.64.0.9
-              next-hop-interface: enp7s0
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.65.0.9
-              next-hop-interface: enp8s0
+          config: []
       node1:
         bgpnet0:
           bgp_peer: 100.64.1.9
@@ -501,13 +513,7 @@ data:
           bgp_peer: 100.65.1.9
           bgp_ip: 100.65.1.10
         routes:
-          config:
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.64.1.9
-              next-hop-interface: enp7s0
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.65.1.9
-              next-hop-interface: enp8s0
+          config: []
       node2:
         bgpnet0:
           bgp_peer: 100.64.2.9
@@ -516,13 +522,7 @@ data:
           bgp_peer: 100.65.2.9
           bgp_ip: 100.65.2.10
         routes:
-          config:
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.64.2.9
-              next-hop-interface: enp7s0
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.65.2.9
-              next-hop-interface: enp8s0
+          config: []
       node3:
         bgpnet0:
           bgp_peer: 100.64.0.13
@@ -538,6 +538,13 @@ data:
             - destination: 99.99.0.0/16
               next-hop-address: 100.65.0.13
               next-hop-interface: enp8s0
+            # routes to octavia mgmt network
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.64.0.13
+              next-hop-interface: enp7s0
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.65.0.13
+              next-hop-interface: enp8s0
       node4:
         bgpnet0:
           bgp_peer: 100.64.1.13
@@ -553,6 +560,13 @@ data:
             - destination: 99.99.0.0/16
               next-hop-address: 100.65.1.13
               next-hop-interface: enp8s0
+            # routes to octavia mgmt network
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.64.1.13
+              next-hop-interface: enp7s0
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.65.1.13
+              next-hop-interface: enp8s0
       node5:
         bgpnet0:
           bgp_peer: 100.64.2.13
@@ -568,6 +582,13 @@ data:
             - destination: 99.99.0.0/16
               next-hop-address: 100.65.2.13
               next-hop-interface: enp8s0
+            # routes to octavia mgmt network
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.64.2.13
+              next-hop-interface: enp7s0
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.65.2.13
+              next-hop-interface: enp8s0
       node6:
         bgpnet0:
           bgp_peer: 100.64.10.1
@@ -577,6 +598,10 @@ data:
             - destination: 192.168.133.0/24
               next-hop-address: 100.64.10.1
               next-hop-interface: enp7s0
+            # routes to octavia mgmt network
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.64.10.1
+              next-hop-interface: enp7s0
     net-attach-def:
       node6: |
         {
@@ -592,6 +617,9 @@ data:
             "routes": [{
               "dst": "192.168.133.0/24",
               "gw": "100.64.10.1"
+            }, {
+              "dst": "172.24.0.0/16",
+              "gw": "100.64.10.1"
             }]
           }
         }

examples/dt/bgp_dt01/control-plane/service-values.yaml

@@ -54,6 +54,8 @@ data:
       customServiceConfig: |
         [controller_worker]
         loadbalancer_topology=ACTIVE_STANDBY
+    nodeSelector:
+      node-role.kubernetes.io/worker: ""
 
   neutron:
     customServiceConfig: |