[uni04delta-ipv6] Add octavia

Add service values and network configuration for octavia

Author: beagles

dt/uni04delta-ipv6/networking/nad.yaml

@@ -9,3 +9,14 @@ metadata:
 spec:
   config: |
     _replaced_
+---
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+  name: octavia
+  labels:
+    osp/net: octavia
+    osp/net-attach-def-type: standard
+spec:
+  config: |
+    _replaced_

dt/uni04delta-ipv6/networking/nncp/kustomization.yaml

@@ -118,6 +118,58 @@ patches:
       name: master-2
     patch: *routes
 
+  - target:
+      kind: NodeNetworkConfigurationPolicy
+      name: master-0
+    patch: &octvlan |-
+      - op: add
+        path: /spec/desiredState/interfaces/-
+        value:
+          description: Octavia vlan host interface
+          name: octavia
+          state: up
+          type: vlan
+          vlan:
+            base-iface: _replaced_
+            id: _replaced_
+
+  - target:
+      kind: NodeNetworkConfigurationPolicy
+      name: master-1
+    patch: *octvlan
+
+  - target:
+      kind: NodeNetworkConfigurationPolicy
+      name: master-2
+    patch: *octvlan
+
+  - target:
+      kind: NodeNetworkConfigurationPolicy
+      name: master-0
+    patch: &octbridge |-
+      - op: add
+        path: /spec/desiredState/interfaces/-
+        value:
+          description: Octavia bridge
+          mtu: 1500
+          name: octbr
+          type: linux-bridge
+          bridge:
+            options:
+              stp:
+                enabled: false
+            port:
+              - name: octavia
+
+  - target:
+      kind: NodeNetworkConfigurationPolicy
+      name: master-1
+    patch: *octbridge
+
+  - target:
+      kind: NodeNetworkConfigurationPolicy
+      name: master-2
+    patch: *octbridge
 
 replacements:
 
@@ -261,3 +313,45 @@ replacements:
           name: master-2
         fieldPaths:
           - spec.desiredState.routes.config.1.destination
+
+  - source:
+      kind: ConfigMap
+      name: network-values
+      fieldPath: data.octavia.base_iface
+    targets:
+      - select:
+          kind: NodeNetworkConfigurationPolicy
+          name: master-0
+        fieldPaths:
+          - spec.desiredState.interfaces.[name=octavia].vlan.base-iface
+      - select:
+          kind: NodeNetworkConfigurationPolicy
+          name: master-1
+        fieldPaths:
+          - spec.desiredState.interfaces.[name=octavia].vlan.base-iface
+      - select:
+          kind: NodeNetworkConfigurationPolicy
+          name: master-2
+        fieldPaths:
+          - spec.desiredState.interfaces.[name=octavia].vlan.base-iface
+
+  - source:
+      kind: ConfigMap
+      name: network-values
+      fieldPath: data.octavia.vlan
+    targets:
+      - select:
+          kind: NodeNetworkConfigurationPolicy
+          name: master-0
+        fieldPaths:
+          - spec.desiredState.interfaces.[name=octavia].vlan.id
+      - select:
+          kind: NodeNetworkConfigurationPolicy
+          name: master-1
+        fieldPaths:
+          - spec.desiredState.interfaces.[name=octavia].vlan.id
+      - select:
+          kind: NodeNetworkConfigurationPolicy
+          name: master-2
+        fieldPaths:
+          - spec.desiredState.interfaces.[name=octavia].vlan.id

examples/dt/uni04delta-ipv6/README.md

@@ -41,6 +41,7 @@ and Manila OpenStack services configured with Ceph.
 | Tenant | VLAN tagged |
 | StorageManagement | VLAN tagged |
 | ironic | untagged |
+| octavia | VLAN tagged |
 
 ### Services, enabled features and configurations
 
@@ -55,6 +56,7 @@ and Manila OpenStack services configured with Ceph.
 | Barbican         |                 | Must have          |
 | Ironic           |                 | Must have          |
 | Telemetry        |                 | Must have          |
+| Octavia          |                 | Must have          |
 
 #### Support services
 
@@ -76,6 +78,60 @@ work properly and can be deployed with any/default configuration.
 - Default settings: TLSe
 - Cluster Observability Operator is installed on the platform.
 
+##### Octavia
+
+Octavia is enabled with the appropriate network attachments configured to
+deploy Octavia. It manages amphorae VMs through a self-service tenant network.
+The Octavia Amphora controllers get access to it through a Neutron externally
+routed flat provider network configured as a SNAT-less gateway for a neutron
+router linked to the tenant networks. Host routes on the tenant network's
+subnet and routes on the network attachment provide the required `next hop`
+routing to establish the necessary bidirectional routing.
+
+This arrangement requires a network attachment for connecting the OVN and
+Amphora Controller pods (octavia-housekeeping, octavia-healthmanager,
+octavia-worker). Because Neutron ML2/OVN implements provider networks by
+bridging the relevant physical interface - in this case the network-attachment,
+there is an additional requirement that this attachment function when
+bridged. As the default macvlan attachments do not function when bridged, a
+bridge network attachment is used.
+
+Bridge attachments do not directly provide connectivity outside of the OCP
+node. To implement this, the NodeNetworkConfigurationPolicy creates an VLAN
+interface as is typical for the other networks, but does not configure an IP
+pool as it is not needed. It is also not configured for metallb as it is solely
+as part of a way to establish a L2 network link between nodes. The
+NodeNetworkConfigurationPolicy also configures an octbr linux bridge which is
+configured as the bridge for the network attachment mentioned above. It is also
+configured to add the VLAN interface as a port, effectively linking the nodes
+and the network attachments.
+
+```YAML
+spec:
+  octavia:
+    enabled: true
+    template:
+      octaviaAPI:
+        networkAttachments:
+          - internalapi
+      octaviaHousekeeping:
+        networkAttachments:
+          - octavia
+      octaviaWorker:
+        networkAttachments:
+          - octavia
+      octaviaHealthManager:
+        networkAttachments:
+          - octavia
+
+  ovn:
+    template:
+      ovncontroller:
+        nicMappings:
+          datacentre: ospbr
+          octavia: octbr
+```
+
 ## Considerations/Constraints
 
 N/A

examples/dt/uni04delta-ipv6/control-plane/networking/nncp/values.yaml

@@ -108,6 +108,34 @@ data:
           "range_end": "2620:cf:cf:bbbb::70"
         }
       }
+
+  octavia:
+    dnsDomain: octavia.openstack.lab
+    mtu: 1500
+    prefix-length: 64
+    base_iface: enp7s0
+    iface: octaviavlan
+    vlan: 25
+    net-attach-def: |
+      {
+        "cniVersion": "0.3.1",
+        "name": "octavia",
+        "type": "bridge",
+        "bridge": "octbr",
+        "ipam": {
+          "type": "whereabouts",
+          "range": "2620:cf:ce:aaaa::/64",
+          "range_start": "2620:cf:ce:aaaa::30",
+          "range_end": "2620:cf:ce:aaaa::70",
+          "routes": [
+            {
+              "dst": "fd6c:6261:6173:0001::/64",
+              "gw": "2620:cf:ce:aaaa::0096"
+            }
+          ]
+        }
+      }
+
   storage:
     dnsDomain: storage.example.com
     subnets:

examples/dt/uni04delta-ipv6/control-plane/service-values.yaml

@@ -168,6 +168,23 @@ data:
           compute-ironic:
             computeDriver: ironic.IronicDriver
 
+  octavia:
+    enabled: true
+    amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image
+    apacheContainerImage: registry.redhat.io/ubi9/httpd-24:latest
+    octaviaAPI:
+      networkAttachments:
+        - internalapi
+    octaviaHousekeeping:
+      networkAttachments:
+        - octavia
+    octaviaHealthManager:
+      networkAttachments:
+        - octavia
+    octaviaWorker:
+      networkAttachments:
+        - octavia
+
   ovn:
     ovnController:
       nicMappings: