Create provider network based on NAD Config

Configuration is based on the NAD passed in the
Octavia.Spec.OctaviaNetworkAttachment string (default 'octavia')

JIRA: OSPRH-7553

Author: gthiemonge

api/bases/octavia.openstack.org_octavias.yaml

@@ -892,6 +892,11 @@ spec:
                 - secret
                 - serviceAccount
                 type: object
+              octaviaNetworkAttachment:
+                default: octavia
+                description: OctaviaNetworkAttachment is a NetworkAttachment resource
+                  name for the Octavia Management Network
+                type: string
               octaviaWorker:
                 description: OctaviaHousekeeping - Spec definition for the Octavia
                   Housekeeping agent for the Octavia deployment
@@ -1197,6 +1202,7 @@ spec:
             - apacheContainerImage
             - databaseInstance
             - octaviaAPI
+            - octaviaNetworkAttachment
             - rabbitMqClusterName
             - secret
             type: object

api/v1beta1/octavia_types.go

@@ -192,6 +192,11 @@ type OctaviaSpecBase struct {
 	// +kubebuilder:validation:Required
 	// Apache Container Image URL
 	ApacheContainerImage string `json:"apacheContainerImage"`
+
+	// +kubebuilder:validation:Required
+	// +kubebuilder:default=octavia
+	// OctaviaNetworkAttachment is a NetworkAttachment resource name for the Octavia Management Network
+	OctaviaNetworkAttachment string `json:"octaviaNetworkAttachment"`
 }
 
 // PasswordSelector to identify the DB and AdminUser password from the Secret

config/crd/bases/octavia.openstack.org_octavias.yaml

@@ -892,6 +892,11 @@ spec:
                 - secret
                 - serviceAccount
                 type: object
+              octaviaNetworkAttachment:
+                default: octavia
+                description: OctaviaNetworkAttachment is a NetworkAttachment resource
+                  name for the Octavia Management Network
+                type: string
               octaviaWorker:
                 description: OctaviaHousekeeping - Spec definition for the Octavia
                   Housekeeping agent for the Octavia deployment
@@ -1197,6 +1202,7 @@ spec:
             - apacheContainerImage
             - databaseInstance
             - octaviaAPI
+            - octaviaNetworkAttachment
             - rabbitMqClusterName
             - secret
             type: object

controllers/octavia_controller.go

@@ -642,13 +642,24 @@ func (r *OctaviaReconciler) reconcileNormal(ctx context.Context, instance *octav
 	// Amphora reconciliation
 	// ------------------------------------------------------------------------------------------------------------
 
+	nad, err := nad.GetNADWithName(ctx, helper, instance.Spec.OctaviaNetworkAttachment, instance.Namespace)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
+	networkParameters, err := octavia.GetNetworkParametersFromNAD(nad)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+
 	// Create load balancer management network and get its Id (networkInfo is actually a struct and contains
 	// multiple details.
 	networkInfo, err := octavia.EnsureAmphoraManagementNetwork(
 		ctx,
 		instance.Namespace,
 		instance.Spec.TenantName,
 		&instance.Spec.LbMgmtNetworks,
+		networkParameters,
 		&Log,
 		helper,
 	)

pkg/octavia/lb_mgmt_network.go

@@ -291,20 +291,29 @@ func ensureNetworkExt(client *gophercloud.ServiceClient, createOpts networks.Cre
 	return foundNetwork, nil
 }
 
-func ensureProvSubnet(client *gophercloud.ServiceClient, providerNetwork *networks.Network, log *logr.Logger) (
-	*subnets.Subnet, error) {
-	gatewayIP := LbProvSubnetGatewayIP
+func ensureProvSubnet(
+	client *gophercloud.ServiceClient,
+	providerNetwork *networks.Network,
+	networkParameters *NetworkParameters,
+	log *logr.Logger,
+) (*subnets.Subnet, error) {
+	var gatewayIP string
+	if networkParameters.Gateway.IsValid() {
+		gatewayIP = networkParameters.Gateway.String()
+	} else {
+		gatewayIP = ""
+	}
 	createOpts := subnets.CreateOpts{
 		Name:        LbProvSubnetName,
 		Description: LbProvSubnetDescription,
 		NetworkID:   providerNetwork.ID,
 		TenantID:    providerNetwork.TenantID,
-		CIDR:        LbProvSubnetCIDR,
+		CIDR:        networkParameters.CIDR.String(),
 		IPVersion:   gophercloud.IPVersion(4),
 		AllocationPools: []subnets.AllocationPool{
 			{
-				Start: LbProvSubnetAllocationPoolStart,
-				End:   LbProvSubnetAllocationPoolEnd,
+				Start: networkParameters.AllocationStart.String(),
+				End:   networkParameters.AllocationEnd.String(),
 			},
 		},
 		GatewayIP: &gatewayIP,
@@ -339,6 +348,7 @@ func ensureLbMgmtSubnet(
 	client *gophercloud.ServiceClient,
 	networkDetails *octaviav1.OctaviaLbMgmtNetworks,
 	tenantNetwork *networks.Network,
+	networkParameters *NetworkParameters,
 	log *logr.Logger,
 ) (*subnets.Subnet, error) {
 	ipVersion := networkDetails.SubnetIPVersion
@@ -381,7 +391,7 @@ func ensureLbMgmtSubnet(
 			},
 			HostRoutes: []subnets.HostRoute{
 				{
-					DestinationCIDR: LbProvSubnetCIDR,
+					DestinationCIDR: networkParameters.CIDR.String(),
 					NextHop:         LbMgmtRouterPortIPv4,
 				},
 			},
@@ -422,10 +432,10 @@ func ensureLbMgmtNetwork(client *gophercloud.ServiceClient, networkDetails *octa
 	return mgmtNetwork, nil
 }
 
-func externalFixedIPs(subnetID string) []routers.ExternalFixedIP {
+func externalFixedIPs(subnetID string, networkParameters *NetworkParameters) []routers.ExternalFixedIP {
 	ips := []routers.ExternalFixedIP{
 		{
-			IPAddress: LbRouterFixedIPAddress,
+			IPAddress: networkParameters.RouterIPAddress.String(),
 			SubnetID:  subnetID,
 		},
 	}
@@ -452,6 +462,7 @@ func compareExternalFixedIPs(a []routers.ExternalFixedIP, b []routers.ExternalFi
 func reconcileRouter(client *gophercloud.ServiceClient, router *routers.Router,
 	gatewayNetwork *networks.Network,
 	gatewaySubnet *subnets.Subnet,
+	networkParameters *NetworkParameters,
 	log *logr.Logger) (*routers.Router, error) {
 
 	if !router.AdminStateUp {
@@ -464,7 +475,7 @@ func reconcileRouter(client *gophercloud.ServiceClient, router *routers.Router,
 	needsUpdate := false
 	updateInfo := routers.UpdateOpts{}
 	enableSNAT := false
-	fixedIPs := externalFixedIPs(gatewaySubnet.ID)
+	fixedIPs := externalFixedIPs(gatewaySubnet.ID, networkParameters)
 
 	//
 	// TODO(beagles) we don't care about the other fields right now because we
@@ -752,6 +763,7 @@ func EnsureAmphoraManagementNetwork(
 	ns string,
 	tenantName string,
 	netDetails *octaviav1.OctaviaLbMgmtNetworks,
+	networkParameters *NetworkParameters,
 	log *logr.Logger,
 	helper *helper.Helper,
 ) (NetworkProvisioningSummary, error) {
@@ -772,7 +784,7 @@ func EnsureAmphoraManagementNetwork(
 	if err != nil {
 		return NetworkProvisioningSummary{}, err
 	}
-	tenantSubnet, err := ensureLbMgmtSubnet(client, netDetails, tenantNetwork, log)
+	tenantSubnet, err := ensureLbMgmtSubnet(client, netDetails, tenantNetwork, networkParameters, log)
 	if err != nil {
 		return NetworkProvisioningSummary{}, err
 	}
@@ -811,7 +823,7 @@ func EnsureAmphoraManagementNetwork(
 		return NetworkProvisioningSummary{}, err
 	}
 
-	providerSubnet, err := ensureProvSubnet(client, providerNetwork, log)
+	providerSubnet, err := ensureProvSubnet(client, providerNetwork, networkParameters, log)
 	if err != nil {
 		return NetworkProvisioningSummary{}, err
 	}
@@ -822,7 +834,7 @@ func EnsureAmphoraManagementNetwork(
 	}
 	if router != nil {
 		log.Info("Router object found, reconciling")
-		router, err = reconcileRouter(client, router, providerNetwork, providerSubnet, log)
+		router, err = reconcileRouter(client, router, providerNetwork, providerSubnet, networkParameters, log)
 		if err != nil {
 			return NetworkProvisioningSummary{}, err
 		}
@@ -833,7 +845,7 @@ func EnsureAmphoraManagementNetwork(
 		gatewayInfo := routers.GatewayInfo{
 			NetworkID:        providerNetwork.ID,
 			EnableSNAT:       &enableSNAT,
-			ExternalFixedIPs: externalFixedIPs(providerSubnet.ID),
+			ExternalFixedIPs: externalFixedIPs(providerSubnet.ID, networkParameters),
 		}
 		adminStateUp := true
 		createOpts := routers.CreateOpts{

pkg/octavia/network_consts.go

@@ -83,19 +83,10 @@ const (
 	// LbProvSubnetDescription -
 	LbProvSubnetDescription = "LBaaS Management Provider Subnet"
 
-	// IPv4 consts
-
-	// LbProvSubnetCIDR -
-	LbProvSubnetCIDR = "172.23.0.0/24"
-
-	// LbProvSubnetAllocationPoolStart -
-	LbProvSubnetAllocationPoolStart = "172.23.0.100"
+	// LbProvSubnetPoolSize -
+	LbProvSubnetPoolSize = 25
 
-	// LbProvSubnetAllocationPoolEnd -
-	LbProvSubnetAllocationPoolEnd = "172.23.0.125"
-
-	// LbProvSubnetGatewayIP -
-	LbProvSubnetGatewayIP = ""
+	// IPv4 consts
 
 	// TODO(beagles): support IPv6 for the provider network.
 	// LbRouterName -
@@ -104,9 +95,6 @@ const (
 	// LbProvPhysicalNet -
 	LbProvPhysicalNet = "octavia"
 
-	// LbRouterFixedIPAddress
-	LbRouterFixedIPAddress = "172.23.0.150"
-
 	// LbMgmtRouterPortName
 	LbMgmtRouterPortName = "lb-mgmt-router-port"
 

pkg/octavia/network_parameters.go

@@ -0,0 +1,80 @@
+package octavia
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/netip"
+
+	networkv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1"
+)
+
+// NetworkParameters - Parameters for the Octavia networks, based on the config of the NAD
+type NetworkParameters struct {
+	CIDR            netip.Prefix
+	AllocationStart netip.Addr
+	AllocationEnd   netip.Addr
+	Gateway         netip.Addr
+	RouterIPAddress netip.Addr
+}
+
+// NADConfig - IPAM parameters of the NAD
+type NADConfig struct {
+	IPAM NADIpam `json:"ipam"`
+}
+
+type NADIpam struct {
+	CIDR       netip.Prefix `json:"range"`
+	RangeStart netip.Addr   `json:"range_start"`
+	RangeEnd   netip.Addr   `json:"range_end"`
+
+	Routes []NADRoute `json:"routes"`
+}
+
+type NADRoute struct {
+	Gateway netip.Addr `json:"gw"`
+}
+
+func getConfigFromNAD(
+	nad *networkv1.NetworkAttachmentDefinition,
+) (*NADConfig, error) {
+	nadConfig := &NADConfig{}
+	jsonDoc := []byte(nad.Spec.Config)
+	err := json.Unmarshal(jsonDoc, nadConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return nadConfig, nil
+}
+
+func GetNetworkParametersFromNAD(
+	nad *networkv1.NetworkAttachmentDefinition,
+) (*NetworkParameters, error) {
+	networkParameters := &NetworkParameters{}
+
+	nadConfig, err := getConfigFromNAD(nad)
+	if err != nil {
+		return nil, fmt.Errorf("cannot read network parameters: %w", err)
+	}
+
+	networkParameters.CIDR = nadConfig.IPAM.CIDR
+
+	networkParameters.AllocationStart = nadConfig.IPAM.RangeEnd.Next()
+	end := networkParameters.AllocationStart
+	for i := 0; i < LbProvSubnetPoolSize; i++ {
+		if !networkParameters.CIDR.Contains(end) {
+			return nil, fmt.Errorf("cannot allocate %d IP addresses in %s", LbProvSubnetPoolSize, networkParameters.CIDR)
+		}
+		end = end.Next()
+	}
+	networkParameters.AllocationEnd = end
+	// TODO(gthiemonge) Remove routes from NAD, manage them in the operator
+	if len(nadConfig.IPAM.Routes) > 0 {
+		networkParameters.RouterIPAddress = nadConfig.IPAM.Routes[0].Gateway
+	} else {
+		return nil, fmt.Errorf("cannot find gateway information in network attachment")
+	}
+	// Gateway is currently unset
+
+	return networkParameters, err
+}