[BGP+AmphoraLBs] Fix network configuration

Amphora LBs did not work properly with BGP.
With this change, network configuration is modified to:
- configure NNCP with proper routes from OCP workers to octavia mgmt
  network (tenant network used by amphora VMs)
- configure octavia NAD with proper routes to the octavia mgmt network
- add br-octavia and the corresponding ovn bridge mapping to dataplane
  nodes
- ovn-bgp-agent expose-tenant-networks is enabled to advertise via BGP
  routes to octavia mgmt IPs

OSPRH-10768

Author: eduolivares

examples/dt/bgp_dt01/control-plane/kustomization.yaml

@@ -132,3 +132,16 @@ replacements:
           - spec.neutron.template.customServiceConfig
         options:
           create: true
+
+  # configure octavia nodeSelector
+  - source:
+      kind: ConfigMap
+      name: service-values
+      fieldPath: data.octavia.nodeSelector
+    targets:
+      - select:
+          kind: OpenStackControlPlane
+        fieldPaths:
+          - spec.octavia.template.nodeSelector
+        options:
+          create: true

examples/dt/bgp_dt01/control-plane/networking/kustomization.yaml

@@ -26,6 +26,19 @@ resources:
   - ocp_networks_netattach.yaml
 
 patches:
+  # Add octavia network to NetConfig
+  - target:
+      kind: NetConfig
+      name: netconfig
+    patch: |-
+      - op: add
+        path: /spec/networks/-
+        value:
+          dnsDomain: octavia.example.com
+          name: octavia
+          subnets:
+            - _replaced_
+          mtu: 1500
   # Add BGPPeer to BGPAdvertisement
   - target:
       kind: BGPAdvertisement
@@ -65,6 +78,16 @@ patches:
       $patch: delete
 
 replacements:
+  # octavia NetConfig kustomizations
+  - source:
+      kind: ConfigMap
+      name: network-values
+      fieldPath: data.octavia.subnets
+    targets:
+      - select:
+          kind: NetConfig
+        fieldPaths:
+          - spec.networks.[name=octavia].subnets
   # BGP peer IP addresses
   # node3
   - source:

examples/dt/bgp_dt01/control-plane/networking/nncp/kustomization.yaml

@@ -107,19 +107,6 @@ patches:
           name: _replaced_
           mtu: 65536
           state: up
-  - target:
-      kind: NodeNetworkConfigurationPolicy
-    patch: |-
-      - op: add
-        path: /spec/desiredState/interfaces/-
-        value:
-          description: Octavia vlan host interface
-          name: octavia
-          state: up
-          type: vlan
-          vlan:
-            base-iface: _replaced_
-            id: _replaced_
   - target:
       kind: NodeNetworkConfigurationPolicy
     patch: |-
@@ -128,14 +115,9 @@ patches:
         value:
           description: Octavia bridge
           mtu: 1500
-          name: octbr
+          name: octavia
           type: linux-bridge
-          bridge:
-            options:
-              stp:
-                enabled: false
-            port:
-              - name: octavia
+          state: up
   # Fix roles on masters
   - target:
       kind: NodeNetworkConfigurationPolicy
@@ -692,26 +674,6 @@ replacements:
           name: worker-3
         fieldPaths:
           - spec.desiredState.interfaces.5.ipv6.address.0.prefix-length
-  # Octavia
-  - source:
-      kind: ConfigMap
-      name: network-values
-      fieldPath: data.octavia.base_iface
-    targets:  # octavia interfaces are needed on the workers, except worker-3
-      - select:
-          kind: NodeNetworkConfigurationPolicy
-        fieldPaths:
-          - spec.desiredState.interfaces.[name=octavia].vlan.base-iface
-
-  - source:
-      kind: ConfigMap
-      name: network-values
-      fieldPath: data.octavia.vlan
-    targets:  # octavia interfaces are needed on the workers, except worker-3
-      - select:
-          kind: NodeNetworkConfigurationPolicy
-        fieldPaths:
-          - spec.desiredState.interfaces.[name=octavia].vlan.id
   # Overwrite worker-3 base routes
   - source:
       kind: ConfigMap

examples/dt/bgp_dt01/control-plane/networking/nncp/values.yaml

@@ -23,13 +23,7 @@ data:
     loopback_ip: 99.99.0.3
     loopback_ipv6: f00d:f00d:f00d:f00d:f00d:f00d:f00d:13
     routes:
-      config:
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.64.0.9
-          next-hop-interface: enp7s0
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.65.0.9
-          next-hop-interface: enp8s0
+      config: []
   node_1:
     name: master-1
     internalapi_ip: 172.17.0.6
@@ -45,13 +39,7 @@ data:
     loopback_ip: 99.99.1.3
     loopback_ipv6: f00d:f00d:f00d:f00d:f00d:f00d:f00d:23
     routes:
-      config:
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.64.1.9
-          next-hop-interface: enp7s0
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.65.1.9
-          next-hop-interface: enp8s0
+      config: []
   node_2:
     name: master-2
     internalapi_ip: 172.17.0.7
@@ -67,13 +55,7 @@ data:
     loopback_ip: 99.99.2.3
     loopback_ipv6: f00d:f00d:f00d:f00d:f00d:f00d:f00d:33
     routes:
-      config:
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.64.2.9
-          next-hop-interface: enp7s0
-        - destination: 99.99.0.0/16
-          next-hop-address: 100.65.2.9
-          next-hop-interface: enp8s0
+      config: []
   node_3:
     name: worker-0
     internalapi_ip: 172.17.0.8
@@ -96,6 +78,13 @@ data:
         - destination: 99.99.0.0/16
           next-hop-address: 100.65.0.13
           next-hop-interface: enp8s0
+        # routes to octavia mgmt network
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.64.0.13
+          next-hop-interface: enp7s0
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.65.0.13
+          next-hop-interface: enp8s0
   node_4:
     name: worker-1
     internalapi_ip: 172.17.0.9
@@ -118,6 +107,13 @@ data:
         - destination: 99.99.0.0/16
           next-hop-address: 100.65.1.13
           next-hop-interface: enp8s0
+        # routes to octavia mgmt network
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.64.1.13
+          next-hop-interface: enp7s0
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.65.1.13
+          next-hop-interface: enp8s0
   node_5:
     name: worker-2
     internalapi_ip: 172.17.0.10
@@ -140,6 +136,13 @@ data:
         - destination: 99.99.0.0/16
           next-hop-address: 100.65.2.13
           next-hop-interface: enp8s0
+        # routes to octavia mgmt network
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.64.2.13
+          next-hop-interface: enp7s0
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.65.2.13
+          next-hop-interface: enp8s0
   node_6:
     name: worker-3
     internalapi_ip: 172.17.0.11
@@ -158,6 +161,10 @@ data:
         - destination: 192.168.133.0/24
           next-hop-address: 100.64.10.1
           next-hop-interface: enp7s0
+        # routes to octavia mgmt network
+        - destination: 172.24.0.0/16
+          next-hop-address: 100.64.10.1
+          next-hop-interface: enp7s0
 
   # networks
   ctlplane:
@@ -336,6 +343,13 @@ data:
       }
   octavia:
     dnsDomain: octavia.openstack.lab
+    subnets:
+      - allocationRanges:
+          - end: 172.23.0.250
+            start: 172.23.0.100
+        cidr: 172.23.0.0/24
+        name: subnet1
+        vlan: 23
     mtu: 1500
     vlan: 23
     base_iface: enp6s0
@@ -344,18 +358,22 @@ data:
         "cniVersion": "0.3.1",
         "name": "octavia",
         "type": "bridge",
-        "bridge": "octbr",
+        "isDefaultGateway": true,
+        "isGateway": true,
+        "forceAddress": false,
+        "ipMasq": false,
+        "hairpinMode": true,
+        "bridge": "octavia",
         "ipam": {
           "type": "whereabouts",
           "range": "172.23.0.0/24",
+          "routes": [{
+               "dst": "172.24.0.0/16",
+               "gw": "172.23.0.1"
+          }],
           "range_start": "172.23.0.30",
           "range_end": "172.23.0.70",
-          "routes": [
-            {
-              "dst": "172.24.0.0/16",
-              "gw": "172.23.0.150"
-            }
-          ]
+          "gateway": "172.23.0.1"
         }
       }
 
@@ -486,13 +504,7 @@ data:
           bgp_peer: 100.65.0.9
           bgp_ip: 100.65.0.10
         routes:
-          config:
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.64.0.9
-              next-hop-interface: enp7s0
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.65.0.9
-              next-hop-interface: enp8s0
+          config: []
       node1:
         bgpnet0:
           bgp_peer: 100.64.1.9
@@ -501,13 +513,7 @@ data:
           bgp_peer: 100.65.1.9
           bgp_ip: 100.65.1.10
         routes:
-          config:
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.64.1.9
-              next-hop-interface: enp7s0
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.65.1.9
-              next-hop-interface: enp8s0
+          config: []
       node2:
         bgpnet0:
           bgp_peer: 100.64.2.9
@@ -516,13 +522,7 @@ data:
           bgp_peer: 100.65.2.9
           bgp_ip: 100.65.2.10
         routes:
-          config:
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.64.2.9
-              next-hop-interface: enp7s0
-            - destination: 99.99.0.0/16
-              next-hop-address: 100.65.2.9
-              next-hop-interface: enp8s0
+          config: []
       node3:
         bgpnet0:
           bgp_peer: 100.64.0.13
@@ -538,6 +538,13 @@ data:
             - destination: 99.99.0.0/16
               next-hop-address: 100.65.0.13
               next-hop-interface: enp8s0
+            # routes to octavia mgmt network
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.64.0.13
+              next-hop-interface: enp7s0
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.65.0.13
+              next-hop-interface: enp8s0
       node4:
         bgpnet0:
           bgp_peer: 100.64.1.13
@@ -553,6 +560,13 @@ data:
             - destination: 99.99.0.0/16
               next-hop-address: 100.65.1.13
               next-hop-interface: enp8s0
+            # routes to octavia mgmt network
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.64.1.13
+              next-hop-interface: enp7s0
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.65.1.13
+              next-hop-interface: enp8s0
       node5:
         bgpnet0:
           bgp_peer: 100.64.2.13
@@ -568,6 +582,13 @@ data:
             - destination: 99.99.0.0/16
               next-hop-address: 100.65.2.13
               next-hop-interface: enp8s0
+            # routes to octavia mgmt network
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.64.2.13
+              next-hop-interface: enp7s0
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.65.2.13
+              next-hop-interface: enp8s0
       node6:
         bgpnet0:
           bgp_peer: 100.64.10.1
@@ -577,6 +598,10 @@ data:
             - destination: 192.168.133.0/24
               next-hop-address: 100.64.10.1
               next-hop-interface: enp7s0
+            # routes to octavia mgmt network
+            - destination: 172.24.0.0/16
+              next-hop-address: 100.64.10.1
+              next-hop-interface: enp7s0
     net-attach-def:
       node6: |
         {
@@ -592,6 +617,9 @@ data:
             "routes": [{
               "dst": "192.168.133.0/24",
               "gw": "100.64.10.1"
+            }, {
+              "dst": "172.24.0.0/16",
+              "gw": "100.64.10.1"
             }]
           }
         }

examples/dt/bgp_dt01/control-plane/service-values.yaml

@@ -54,6 +54,8 @@ data:
       customServiceConfig: |
         [controller_worker]
         loadbalancer_topology=ACTIVE_STANDBY
+    nodeSelector:
+      node-role.kubernetes.io/worker: ""
 
   neutron:
     customServiceConfig: |