Define routes of the management network in the operator

In case the gateway of the management network is not defined in the NAD
Select an address in the CIDR and use it for the gateway

Author: gthiemonge

api/bases/octavia.openstack.org_octaviaamphoracontrollers.yaml

@@ -127,6 +127,12 @@ spec:
                 description: NodeSelector to target subset of worker nodes running
                   this service
                 type: object
+              octaviaProviderSubnetCIDR:
+                description: OctaviaProviderSubnetCIDR -
+                type: string
+              octaviaProviderSubnetGateway:
+                description: OctaviaProviderSubnetGateway -
+                type: string
               passwordSelectors:
                 default:
                   service: OctaviaPassword

api/bases/octavia.openstack.org_octavias.yaml

@@ -580,6 +580,12 @@ spec:
                     description: NodeSelector to target subset of worker nodes running
                       this service
                     type: object
+                  octaviaProviderSubnetCIDR:
+                    description: OctaviaProviderSubnetCIDR -
+                    type: string
+                  octaviaProviderSubnetGateway:
+                    description: OctaviaProviderSubnetGateway -
+                    type: string
                   passwordSelectors:
                     default:
                       service: OctaviaPassword
@@ -775,6 +781,12 @@ spec:
                     description: NodeSelector to target subset of worker nodes running
                       this service
                     type: object
+                  octaviaProviderSubnetCIDR:
+                    description: OctaviaProviderSubnetCIDR -
+                    type: string
+                  octaviaProviderSubnetGateway:
+                    description: OctaviaProviderSubnetGateway -
+                    type: string
                   passwordSelectors:
                     default:
                       service: OctaviaPassword
@@ -975,6 +987,12 @@ spec:
                     description: NodeSelector to target subset of worker nodes running
                       this service
                     type: object
+                  octaviaProviderSubnetCIDR:
+                    description: OctaviaProviderSubnetCIDR -
+                    type: string
+                  octaviaProviderSubnetGateway:
+                    description: OctaviaProviderSubnetGateway -
+                    type: string
                   passwordSelectors:
                     default:
                       service: OctaviaPassword

api/v1beta1/amphoracontroller_types.go

@@ -143,6 +143,14 @@ type OctaviaAmphoraControllerSpecCore struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
 	// TLS - Parameters related to the TLS
 	TLS tls.Ca `json:"tls,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// OctaviaProviderSubnetGateway -
+	OctaviaProviderSubnetGateway string `json:"octaviaProviderSubnetGateway"`
+
+	// +kubebuilder:validation:Optional
+	// OctaviaProviderSubnetCIDR -
+	OctaviaProviderSubnetCIDR string `json:"octaviaProviderSubnetCIDR"`
 }
 
 // OctaviaAmphoraControllerStatus defines the observed state of the Octavia Amphora Controller

config/crd/bases/octavia.openstack.org_octaviaamphoracontrollers.yaml

@@ -127,6 +127,12 @@ spec:
                 description: NodeSelector to target subset of worker nodes running
                   this service
                 type: object
+              octaviaProviderSubnetCIDR:
+                description: OctaviaProviderSubnetCIDR -
+                type: string
+              octaviaProviderSubnetGateway:
+                description: OctaviaProviderSubnetGateway -
+                type: string
               passwordSelectors:
                 default:
                   service: OctaviaPassword

config/crd/bases/octavia.openstack.org_octavias.yaml

@@ -580,6 +580,12 @@ spec:
                     description: NodeSelector to target subset of worker nodes running
                       this service
                     type: object
+                  octaviaProviderSubnetCIDR:
+                    description: OctaviaProviderSubnetCIDR -
+                    type: string
+                  octaviaProviderSubnetGateway:
+                    description: OctaviaProviderSubnetGateway -
+                    type: string
                   passwordSelectors:
                     default:
                       service: OctaviaPassword
@@ -775,6 +781,12 @@ spec:
                     description: NodeSelector to target subset of worker nodes running
                       this service
                     type: object
+                  octaviaProviderSubnetCIDR:
+                    description: OctaviaProviderSubnetCIDR -
+                    type: string
+                  octaviaProviderSubnetGateway:
+                    description: OctaviaProviderSubnetGateway -
+                    type: string
                   passwordSelectors:
                     default:
                       service: OctaviaPassword
@@ -975,6 +987,12 @@ spec:
                     description: NodeSelector to target subset of worker nodes running
                       this service
                     type: object
+                  octaviaProviderSubnetCIDR:
+                    description: OctaviaProviderSubnetCIDR -
+                    type: string
+                  octaviaProviderSubnetGateway:
+                    description: OctaviaProviderSubnetGateway -
+                    type: string
                   passwordSelectors:
                     default:
                       service: OctaviaPassword

controllers/octavia_controller.go

@@ -1333,6 +1333,8 @@ func (r *OctaviaReconciler) amphoraControllerDaemonSetCreateOrUpdate(
 		daemonset.Spec.AmphoraCustomFlavors = instance.Spec.AmphoraCustomFlavors
 		daemonset.Spec.TLS = instance.Spec.OctaviaAPI.TLS.Ca
 		daemonset.Spec.AmphoraImageOwnerID = ampImageOwnerID
+		daemonset.Spec.OctaviaProviderSubnetGateway = networkInfo.ManagementSubnetGateway
+		daemonset.Spec.OctaviaProviderSubnetCIDR = networkInfo.ManagementSubnetCIDR
 		if len(daemonset.Spec.NodeSelector) == 0 {
 			daemonset.Spec.NodeSelector = instance.Spec.NodeSelector
 		}

pkg/amphoracontrollers/daemonset.go

@@ -84,6 +84,9 @@ func DaemonSet(
 	envVars["KOLLA_CONFIG_STRATEGY"] = env.SetValue("COPY_ALWAYS")
 	envVars["CONFIG_HASH"] = env.SetValue(configHash)
 
+	envVars["MGMT_CIDR"] = env.SetValue(instance.Spec.OctaviaProviderSubnetCIDR)
+	envVars["MGMT_GATEWAY"] = env.SetValue(instance.Spec.OctaviaProviderSubnetGateway)
+
 	// Add the CA bundle
 	if instance.Spec.TLS.CaBundleSecretName != "" {
 		volumes = append(volumes, instance.Spec.TLS.CreateVolume())

pkg/octavia/lb_mgmt_network.go

@@ -33,12 +33,14 @@ import (
 )
 
 type NetworkProvisioningSummary struct {
-	TenantNetworkID    string
-	TenantSubnetID     string
-	TenantRouterPortID string
-	ProviderNetworkID  string
-	RouterID           string
-	SecurityGroupID    string
+	TenantNetworkID         string
+	TenantSubnetID          string
+	TenantRouterPortID      string
+	ProviderNetworkID       string
+	RouterID                string
+	SecurityGroupID         string
+	ManagementSubnetCIDR    string
+	ManagementSubnetGateway string
 }
 
 //
@@ -870,11 +872,13 @@ func EnsureAmphoraManagementNetwork(
 	}
 
 	return NetworkProvisioningSummary{
-		TenantNetworkID:    tenantNetwork.ID,
-		TenantSubnetID:     tenantSubnet.ID,
-		TenantRouterPortID: tenantRouterPort.ID,
-		ProviderNetworkID:  providerNetwork.ID,
-		RouterID:           router.ID,
-		SecurityGroupID:    lbMgmtSecurityGroupID,
+		TenantNetworkID:         tenantNetwork.ID,
+		TenantSubnetID:          tenantSubnet.ID,
+		TenantRouterPortID:      tenantRouterPort.ID,
+		ProviderNetworkID:       providerNetwork.ID,
+		RouterID:                router.ID,
+		SecurityGroupID:         lbMgmtSecurityGroupID,
+		ManagementSubnetCIDR:    networkParameters.TenantCIDR.String(),
+		ManagementSubnetGateway: networkParameters.ProviderGateway.String(),
 	}, nil
 }

templates/octaviaamphoracontroller/bin/octavia_healthmanager_start.sh renamed to templates/octaviaamphoracontroller/bin/octavia_controller_start.sh

@@ -15,6 +15,10 @@
 # under the License.
 set -ex
 
-/usr/local/bin/container-scripts/octavia_hm_advertisement.py octavia
+/usr/local/bin/container-scripts/octavia_mgmt_subnet_route.py octavia "$MGMT_CIDR" "$MGMT_GATEWAY"
 
-exec /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf
+if [ "$1" = "octavia-health-manager" ]; then
+    /usr/local/bin/container-scripts/octavia_hm_advertisement.py octavia
+fi
+
+exec /usr/bin/$1 --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf

templates/octaviaamphoracontroller/bin/octavia_mgmt_subnet_route.py

@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+#
+# Copyright 2024 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import sys
+import socket
+
+from pyroute2 import IPRoute
+
+try:
+    interface_name = sys.argv[1]
+    dst = sys.argv[2]
+    gateway = sys.argv[3]
+except IndexError:
+    print(f"usage: {sys.argv[0]} <interface_name> <dst> <gateway>")
+    sys.exit(1)
+
+ip = IPRoute()
+
+try:
+    idx = ip.link_lookup(ifname=interface_name)[0]
+except IndexError:
+    print(f"Cannot find interface '{interface_name}', skipping")
+    sys.exit(0)
+
+try:
+    ip.route('add', index=idx, dst=dst, gateway=gateway)
+except Exception as e:
+    print(f"Cannot set route {dst} via {gateway}: {e}")