Allow the user to provide its own networks/subnets

gthiemonge · gthiemonge · commit 485de0dd0152 · 2024-10-14T13:14:57.000Z
By setting lbMgmtNetwork.manageLbMgmtNetworks to false, the user can
prevent the octavia-operator from creating the Neutron networking
resources for the management network.

In this case, the octavia-operator assumes that the user has already
created:
- lb-mgmt-net (optional), default management network for the
  amphora instances
- lb-mgmt-subnet (optional), subnet of the lb-mgmt-net
- octavia-link-router (optional), a router that connects the management
  provider network to the tenant networks
- lb-mgmt-&lt;az&gt;-subnet (optional), per AZ subnets for each AZ defined in
  lbMgmtNetwork.availabilityZones

JIRA: OSPRH-10232
diff --git a/api/bases/octavia.openstack.org_octavias.yaml b/api/bases/octavia.openstack.org_octavias.yaml
@@ -105,6 +105,7 @@ spec:
                 type: object
               lbMgmtNetwork:
                 default:
+                  createDefaultLbMgmtNetwork: true
                   manageLbMgmtNetworks: true
                 description: OctaviaLbMgmtNetworks Settings for Octavia management
                   networks
@@ -135,7 +136,8 @@ spec:
                       Attachment Definition
                     type: string
                   manageLbMgmtNetworks:
-                    default: true
+                    description: ManageLbMgmtNetworks - when True, octavia-operator
+                      creates the Neutron resources needed for its Management Network
                     type: boolean
                 type: object
               nodeSelector:
diff --git a/api/v1beta1/octavia_types.go b/api/v1beta1/octavia_types.go
@@ -171,7 +171,7 @@ type OctaviaSpecBase struct {
 	TenantName string `json:"tenantName"`
 
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default={manageLbMgmtNetworks: true}
+	// +kubebuilder:default={manageLbMgmtNetworks: true, createDefaultLbMgmtNetwork: true}
 	LbMgmtNetworks OctaviaLbMgmtNetworks `json:"lbMgmtNetwork"`
 
 	// +kubebuilder:validation:Optional
@@ -230,14 +230,14 @@ type PasswordSelector struct {
 // OctaviaLbMgmtNetworks Settings for Octavia management networks
 type OctaviaLbMgmtNetworks struct {
 	// +kubebuilder:validation:Optional
-	// +kubebuilder:default=true
-	ManageLbMgmtNetworks bool `json:"manageLbMgmtNetworks,omitempty"`
+	// ManageLbMgmtNetworks - when True, octavia-operator creates the Neutron resources needed for its Management Network
+	ManageLbMgmtNetworks bool `json:"manageLbMgmtNetworks"`
 
 	// +kubebuilder:validation:Optional
 	// CreateDefaultLbMgmtNetwork - when True, octavia-operator creates a
 	// Management Network for the default Availability Zone of the control
 	// plane. Can be set to false when deploying OpenStack in DCN mode.
-	CreateDefaultLbMgmtNetwork bool `json:"createDefaultLbMgmtNetwork,omitempty"`
+	CreateDefaultLbMgmtNetwork bool `json:"createDefaultLbMgmtNetwork"`
 
 	// +kubebuilder:validation:Optional
 	// LbMgmtRouterGateway is the IP address of the Octavia router on the
diff --git a/config/crd/bases/octavia.openstack.org_octavias.yaml b/config/crd/bases/octavia.openstack.org_octavias.yaml
@@ -105,6 +105,7 @@ spec:
                 type: object
               lbMgmtNetwork:
                 default:
+                  createDefaultLbMgmtNetwork: true
                   manageLbMgmtNetworks: true
                 description: OctaviaLbMgmtNetworks Settings for Octavia management
                   networks
@@ -135,7 +136,8 @@ spec:
                       Attachment Definition
                     type: string
                   manageLbMgmtNetworks:
-                    default: true
+                    description: ManageLbMgmtNetworks - when True, octavia-operator
+                      creates the Neutron resources needed for its Management Network
                     type: boolean
                 type: object
               nodeSelector:
diff --git a/controllers/octavia_controller.go b/controllers/octavia_controller.go
@@ -687,25 +687,47 @@ func (r *OctaviaReconciler) reconcileNormal(ctx context.Context, instance *octav
 		return ctrl.Result{}, err
 	}
 
-	// Create load balancer management network and get its Id (networkInfo is actually a struct and contains
-	// multiple details.
-	networkInfo, err := octavia.EnsureAmphoraManagementNetwork(
-		ctx,
-		instance.Namespace,
-		instance.Spec.TenantName,
-		&instance.Spec.LbMgmtNetworks,
-		networkParameters,
-		&Log,
-		helper,
-	)
-	if err != nil {
-		instance.Status.Conditions.Set(condition.FalseCondition(
-			octaviav1.OctaviaManagementNetworkReadyCondition,
-			condition.ErrorReason,
-			condition.SeverityWarning,
-			octaviav1.OctaviaManagementNetworkReadyErrorMessage,
-			err.Error()))
-		return ctrl.Result{}, err
+	var networkInfo octavia.NetworkProvisioningSummary
+
+	if instance.Spec.LbMgmtNetworks.ManageLbMgmtNetworks {
+		// Create load balancer management network and get its Id (networkInfo is actually a struct and contains
+		// multiple details.
+		networkInfo, err = octavia.EnsureAmphoraManagementNetwork(
+			ctx,
+			instance.Namespace,
+			instance.Spec.TenantName,
+			&instance.Spec.LbMgmtNetworks,
+			networkParameters,
+			&Log,
+			helper,
+		)
+		if err != nil {
+			instance.Status.Conditions.Set(condition.FalseCondition(
+				octaviav1.OctaviaManagementNetworkReadyCondition,
+				condition.ErrorReason,
+				condition.SeverityWarning,
+				octaviav1.OctaviaManagementNetworkReadyErrorMessage,
+				err.Error()))
+			return ctrl.Result{}, err
+		}
+	} else {
+		networkInfo, err = octavia.HandleUnmanagedAmphoraManagementNetwork(
+			ctx,
+			instance.Namespace,
+			instance.Spec.TenantName,
+			&instance.Spec.LbMgmtNetworks,
+			&Log,
+			helper,
+		)
+		if err != nil {
+			instance.Status.Conditions.Set(condition.FalseCondition(
+				octaviav1.OctaviaManagementNetworkReadyCondition,
+				condition.ErrorReason,
+				condition.SeverityWarning,
+				octaviav1.OctaviaManagementNetworkReadyErrorMessage,
+				err.Error()))
+			return ctrl.Result{}, err
+		}
 	}
 	instance.Status.Conditions.MarkTrue(octaviav1.OctaviaManagementNetworkReadyCondition, octaviav1.OctaviaManagementNetworkReadyCompleteMessage)
 	Log.Info(fmt.Sprintf("Using management network \"%s\"", networkInfo.TenantNetworkID))
diff --git a/pkg/octavia/lb_mgmt_network.go b/pkg/octavia/lb_mgmt_network.go
@@ -37,9 +37,6 @@ import (
 // Type for conveying the results of the EnsureAmphoraManagementNetwork call.
 type NetworkProvisioningSummary struct {
 	TenantNetworkID            string
-	TenantSubnetID             string
-	ProviderNetworkID          string
-	RouterID                   string
 	SecurityGroupID            string
 	ManagementSubnetCIDR       string
 	ManagementSubnetGateway    string
@@ -208,6 +205,25 @@ func getNetworkExt(client *gophercloud.ServiceClient, networkName string, servic
 	return nil, nil
 }
 
+func getSubnet(client *gophercloud.ServiceClient, subnetName string, serviceTenantID string) (*subnets.Subnet, error) {
+	listOpts := subnets.ListOpts{
+		Name:     subnetName,
+		TenantID: serviceTenantID,
+	}
+	allPages, err := subnets.List(client, listOpts).AllPages()
+	if err != nil {
+		return nil, err
+	}
+	allSubnets, err := subnets.ExtractSubnets(allPages)
+	if err != nil {
+		return nil, err
+	}
+	if len(allSubnets) > 0 {
+		return &allSubnets[0], nil
+	}
+	return nil, nil
+}
+
 func ensureNetwork(client *gophercloud.ServiceClient, createOpts networks.CreateOpts, log *logr.Logger,
 	serviceTenantID string) (*networks.Network, error) {
 	foundNetwork, err := getNetwork(client, createOpts.Name, serviceTenantID)
@@ -805,6 +821,72 @@ func ensureSecurityGroup(
 	return secGroup.ID, nil
 }
 
+func HandleUnmanagedAmphoraManagementNetwork(
+	ctx context.Context,
+	ns string,
+	tenantName string,
+	netDetails *octaviav1.OctaviaLbMgmtNetworks,
+	log *logr.Logger,
+	helper *helper.Helper,
+) (NetworkProvisioningSummary, error) {
+	o, err := GetOpenstackClient(ctx, ns, helper)
+	if err != nil {
+		return NetworkProvisioningSummary{}, err
+	}
+	client, err := GetNetworkClient(o)
+	if err != nil {
+		return NetworkProvisioningSummary{}, err
+	}
+	serviceTenant, err := GetProject(o, tenantName)
+	if err != nil {
+		return NetworkProvisioningSummary{}, err
+	}
+
+	tenantNetworkID := ""
+	network, err := getNetwork(client, LbMgmtNetName, serviceTenant.ID)
+	if err == nil && network != nil {
+		tenantNetworkID = network.ID
+	}
+
+	managementSubnetGateway := ""
+	router, err := findRouter(client, log)
+	if err == nil && router != nil {
+		if len(router.GatewayInfo.ExternalFixedIPs) > 0 {
+			managementSubnetGateway = router.GatewayInfo.ExternalFixedIPs[0].IPAddress
+		} else {
+			log.Info("No external fixedIP on router %s, skipping", router.Name)
+		}
+	}
+
+	managementSubnetCIDR := ""
+	subnet, err := getSubnet(client, LbMgmtSubnetName, serviceTenant.ID)
+	if err == nil && subnet != nil {
+		managementSubnetCIDR = subnet.CIDR
+	}
+
+	managementSubnetExtraCIDRs := []string{}
+	for _, az := range netDetails.AvailabilityZones {
+		subnet, err := getSubnet(client, fmt.Sprintf(LbMgmtSubnetNameAZ, az), serviceTenant.ID)
+		if err == nil && subnet != nil {
+			managementSubnetExtraCIDRs = append(managementSubnetExtraCIDRs, subnet.CIDR)
+		}
+	}
+
+	securityGroupID := ""
+	securityGroup, err := findSecurityGroup(client, serviceTenant.ID, LbMgmtNetworkSecurityGroupName, log)
+	if err == nil && securityGroup != nil {
+		securityGroupID = securityGroup.ID
+	}
+
+	return NetworkProvisioningSummary{
+		TenantNetworkID:            tenantNetworkID,
+		SecurityGroupID:            securityGroupID,
+		ManagementSubnetCIDR:       managementSubnetCIDR,
+		ManagementSubnetGateway:    managementSubnetGateway,
+		ManagementSubnetExtraCIDRs: managementSubnetExtraCIDRs,
+	}, nil
+}
+
 // EnsureAmphoraManagementNetwork - retrieve, create and reconcile the Octavia management network for the in cluster link to the
 // management tenant network.
 func EnsureAmphoraManagementNetwork(
@@ -844,7 +926,6 @@ func EnsureAmphoraManagementNetwork(
 	var tenantSubnet *subnets.Subnet
 	var tenantRouterPort *ports.Port
 	tenantNetworkID := ""
-	tenantSubnetID := ""
 
 	if netDetails.CreateDefaultLbMgmtNetwork {
 		tenantNetwork, err = ensureLbMgmtNetwork(client, nil, netDetails, serviceTenant.ID, log)
@@ -857,7 +938,6 @@ func EnsureAmphoraManagementNetwork(
 		if err != nil {
 			return NetworkProvisioningSummary{}, err
 		}
-		tenantSubnetID = tenantSubnet.ID
 
 		tenantRouterPort, _, err = ensurePort(client, nil, tenantNetwork, &securityGroups, log)
 		if err != nil {
@@ -997,9 +1077,6 @@ func EnsureAmphoraManagementNetwork(
 
 	return NetworkProvisioningSummary{
 		TenantNetworkID:            tenantNetworkID,
-		TenantSubnetID:             tenantSubnetID,
-		ProviderNetworkID:          providerNetwork.ID,
-		RouterID:                   router.ID,
 		SecurityGroupID:            lbMgmtSecurityGroupID,
 		ManagementSubnetCIDR:       managementSubnetCIDR,
 		ManagementSubnetGateway:    networkParameters.ProviderGateway.String(),
diff --git a/pkg/octavia/network_parameters.go b/pkg/octavia/network_parameters.go
@@ -124,6 +124,8 @@ func GetNetworkParametersFromNAD(
 		if err != nil {
 			return nil, fmt.Errorf("cannot parse gateway information: %w", err)
 		}
+	} else if !instance.Spec.LbMgmtNetworks.ManageLbMgmtNetworks {
+		return networkParameters, nil
 	} else {
 		return nil, fmt.Errorf("cannot find gateway information in network attachment")
 	}

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,8 @@ func GetNetworkParametersFromNAD(`
`124`	`124`	`if err != nil {`
`125`	`125`	`return nil, fmt.Errorf("cannot parse gateway information: %w", err)`
`126`	`126`	`}`
	`127`	`+ } else if !instance.Spec.LbMgmtNetworks.ManageLbMgmtNetworks {`
	`128`	`+ return networkParameters, nil`
`127`	`129`	`} else {`
`128`	`130`	`return nil, fmt.Errorf("cannot find gateway information in network attachment")`
`129`	`131`	`}`