From 80fd1656178032ba598714a04d9fac4b9d98d5d0 Mon Sep 17 00:00:00 2001 From: Brent Eagles Date: Tue, 30 Jul 2024 16:26:35 -0230 Subject: [PATCH 1/4] [uni04delta-ipv6] Add octavia Add service values and network configuration for octavia --- dt/uni04delta-ipv6/kustomization.yaml | 96 +++++++++++++++++++ dt/uni04delta-ipv6/nad.yaml | 11 +++ dt/uni04delta-ipv6/nncp/kustomization.yaml | 94 ++++++++++++++++++ examples/dt/uni04delta-ipv6/README.md | 56 +++++++++++ .../control-plane/nncp/values.yaml | 28 ++++++ .../control-plane/service-values.yaml | 17 ++++ 6 files changed, 302 insertions(+) diff --git a/dt/uni04delta-ipv6/kustomization.yaml b/dt/uni04delta-ipv6/kustomization.yaml index 37affda58..4f7da0be4 100644 --- a/dt/uni04delta-ipv6/kustomization.yaml +++ b/dt/uni04delta-ipv6/kustomization.yaml @@ -82,6 +82,7 @@ replacements: - spec.neutron.template.customServiceConfig options: create: true + - source: kind: ConfigMap name: network-values 
@@ -152,3 +153,98 @@ replacements: - spec.keystone.template.customServiceConfig options: create: true + + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.enabled + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.enabled + options: + create: true + + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.amphoraImageContainerImage + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.amphoraImageContainerImage + options: + create: true + + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.apacheContainerImage + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.apacheContainerImage + options: + create: true + + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.octaviaAPI.networkAttachments + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.octaviaAPI.networkAttachments + options: + create: true + + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.octaviaHousekeeping.networkAttachments + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.octaviaHousekeeping.networkAttachments + options: + create: true + + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.octaviaHealthManager.networkAttachments + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.octaviaHealthManager.networkAttachments + options: + create: true + + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.octaviaWorker.networkAttachments + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.octaviaWorker.networkAttachments + options: + create: true + + - source: + kind: ConfigMap + name: network-values + fieldPath: data.octavia.net-attach-def + targets: + - 
select: + kind: NetworkAttachmentDefinition + name: octavia + fieldPaths: + - spec.config diff --git a/dt/uni04delta-ipv6/nad.yaml b/dt/uni04delta-ipv6/nad.yaml index 5cf4d4cce..0b072b91d 100644 --- a/dt/uni04delta-ipv6/nad.yaml +++ b/dt/uni04delta-ipv6/nad.yaml @@ -9,3 +9,14 @@ metadata: spec: config: | _replaced_ +--- +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: octavia + labels: + osp/net: octavia + osp/net-attach-def-type: standard +spec: + config: | + _replaced_ diff --git a/dt/uni04delta-ipv6/nncp/kustomization.yaml b/dt/uni04delta-ipv6/nncp/kustomization.yaml index 2ba70b9ac..f8efe3140 100644 --- a/dt/uni04delta-ipv6/nncp/kustomization.yaml +++ b/dt/uni04delta-ipv6/nncp/kustomization.yaml @@ -118,6 +118,58 @@ patches: name: master-2 patch: *routes + - target: + kind: NodeNetworkConfigurationPolicy + name: master-0 + patch: &octvlan |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia vlan host interface + name: octavia + state: up + type: vlan + vlan: + base-iface: _replaced_ + id: _replaced_ + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-1 + patch: *octvlan + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-2 + patch: *octvlan + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-0 + patch: &octbridge |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia bridge + mtu: 1500 + name: octbr + type: linux-bridge + bridge: + options: + stp: + enabled: false + port: + - name: octavia + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-1 + patch: *octbridge + + - target: + kind: NodeNetworkConfigurationPolicy + name: master-2 + patch: *octbridge replacements: 
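Review bot: The `octbridge` patch in dt/uni04delta-ipv6/nncp/kustomization.yaml hard-codes `mtu: 1500` and the interface name `octavia`, while the values file added later in this same patch (control-plane/nncp/values.yaml) carries `data.octavia.mtu` and `data.octavia.iface: octaviavlan`, and no replacement visible in this series reads either key. As far as this page shows, editing those values would change nothing, and `iface` disagrees with the name that the `[name=octavia]` replacement paths depend on. Either wire the MTU through with a replacement from `data.octavia.mtu` to `spec.desiredState.interfaces.[name=octbr].mtu`, or drop the unused keys and add a comment such as `# interface name is fixed: replacements select [name=octavia]`. The bridge entry also omits `state: up`, which the VLAN entry sets explicitly, so the two are worth making consistent.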
@@ -261,3 +313,45 @@ replacements: name: master-2 fieldPaths: - spec.desiredState.routes.config.1.destination + + - source: + kind: ConfigMap + name: network-values + fieldPath: data.octavia.base_iface + targets: + - select: + kind: NodeNetworkConfigurationPolicy + name: master-0 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + - select: + kind: NodeNetworkConfigurationPolicy + name: master-1 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + - select: + kind: NodeNetworkConfigurationPolicy + name: master-2 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + + - source: + kind: ConfigMap + name: network-values + fieldPath: data.octavia.vlan + targets: + - select: + kind: NodeNetworkConfigurationPolicy + name: master-0 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id + - select: + kind: NodeNetworkConfigurationPolicy + name: master-1 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id + - select: + kind: NodeNetworkConfigurationPolicy + name: master-2 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id diff --git a/examples/dt/uni04delta-ipv6/README.md b/examples/dt/uni04delta-ipv6/README.md index adb708004..a4104c803 100644 --- a/examples/dt/uni04delta-ipv6/README.md +++ b/examples/dt/uni04delta-ipv6/README.md @@ -41,6 +41,7 @@ and Manila OpenStack services configured with Ceph. | Tenant | VLAN tagged | | StorageManagement | VLAN tagged | | ironic | untagged | +| octavia | VLAN tagged | ### Services, enabled features and configurations @@ -55,6 +56,7 @@ and Manila OpenStack services configured with Ceph. | Barbican | | Must have | | Ironic | | Must have | | Telemetry | | Must have | +| Octavia | | Must have | #### Support services 
@@ -76,6 +78,60 @@ work properly and can be deployed with any/default configuration. - Default settings: TLSe - Cluster Observability Operator is installed on the platform. +##### Octavia + +Octavia is enabled with the appropriate network attachments configured to +deploy Octavia. It manages amphorae VMs through a self-service tenant network. +The Octavia Amphora controllers get access to it through a Neutron externally +routed flat provider network configured as a SNAT-less gateway for a neutron +router linked to the tenant networks. Host routes on the tenant network's +subnet and routes on the network attachment provide the required `next hop` +routing to establish the necessary bidirectional routing. + +This arrangement requires a network attachment for connecting the OVN and +Amphora Controller pods (octavia-housekeeping, octavia-healthmanager, +octavia-worker). Because Neutron ML2/OVN implements provider networks by +bridging the relevant physical interface - in this case the network-attachment, +there is an additional requirement that this attachment function when +bridged. As the default macvlan attachments do not function when bridged, a +bridge network attachment is used. + +Bridge attachments do not directly provide connectivity outside of the OCP +node. To implement this, the NodeNetworkConfigurationPolicy creates an VLAN +interface as is typical for the other networks, but does not configure an IP +pool as it is not needed. It is also not configured for metallb as it is solely +as part of a way to establish a L2 network link between nodes. The +NodeNetworkConfigurationPolicy also configures an octbr linux bridge which is +configured as the bridge for the network attachment mentioned above. It is also +configured to add the VLAN interface as a port, effectively linking the nodes +and the network attachments. 
+ +```YAML +spec: + octavia: + enabled: true + template: + octaviaAPI: + networkAttachments: + - internalapi + octaviaHousekeeping: + networkAttachments: + - octavia + octaviaWorker: + networkAttachments: + - octavia + octaviaHealthManager: + networkAttachments: + - octavia + + ovn: + template: + ovncontroller: + nicMappings: + datacentre: ospbr + octavia: octbr +``` + ## Considerations/Constraints N/A diff --git a/examples/dt/uni04delta-ipv6/control-plane/nncp/values.yaml b/examples/dt/uni04delta-ipv6/control-plane/nncp/values.yaml index cd1b27d33..3a3468823 100644 --- a/examples/dt/uni04delta-ipv6/control-plane/nncp/values.yaml +++ b/examples/dt/uni04delta-ipv6/control-plane/nncp/values.yaml @@ -108,6 +108,34 @@ data: "range_end": "2620:cf:cf:bbbb::70" } } + + octavia: + dnsDomain: octavia.openstack.lab + mtu: 1500 + prefix-length: 64 + base_iface: enp7s0 + iface: octaviavlan + vlan: 25 + net-attach-def: | + { + "cniVersion": "0.3.1", + "name": "octavia", + "type": "bridge", + "bridge": "octbr", + "ipam": { + "type": "whereabouts", + "range": "2620:cf:ce:aaaa::/64", + "range_start": "2620:cf:ce:aaaa::30", + "range_end": "2620:cf:ce:aaaa::70", + "routes": [ + { + "dst": "fd6c:6261:6173:0001::/64", + "gw": "2620:cf:ce:aaaa::0096" + } + ] + } + } + storage: dnsDomain: storage.example.com subnets: diff --git a/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml b/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml index d96bf8bb0..490b121c7 100644 --- a/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml +++ b/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml 
@@ -168,6 +168,23 @@ data: compute-ironic: computeDriver: ironic.IronicDriver + octavia: + enabled: false + amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image + apacheContainerImage: registry.redhat.io/ubi9/httpd-24:latest + octaviaAPI: + networkAttachments: + - internalapi + octaviaHousekeeping: + networkAttachments: + - octavia + octaviaHealthManager: + networkAttachments: + - octavia + octaviaWorker: + networkAttachments: + - octavia + ovn: ovnController: nicMappings: From 69eb70e78608e6df9e48c21ba3936f87312e73eb Mon Sep 17 00:00:00 2001 From: Lilach Avraham Date: Wed, 6 Nov 2024 17:25:15 +0200 Subject: [PATCH 2/4] Update kustomization.yaml adding octavia-ca-passphrase --- dt/uni04delta-ipv6/kustomization.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/dt/uni04delta-ipv6/kustomization.yaml b/dt/uni04delta-ipv6/kustomization.yaml index 4f7da0be4..bc6fdd962 100644 --- a/dt/uni04delta-ipv6/kustomization.yaml +++ b/dt/uni04delta-ipv6/kustomization.yaml @@ -2,6 +2,13 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component +secretGenerator: + - name: octavia-ca-passphrase + literals: + - server-ca-passphrase=12345678 + options: + disableNameSuffixHash: true + transformers: - |- apiVersion: builtin From 4317ea4d0a5fa43b010b594da9d9f14086f14bf4 Mon Sep 17 00:00:00 2001 From: Lilach Avraham Date: Wed, 6 Nov 2024 17:26:27 +0200 Subject: [PATCH 3/4] Update service-values.yaml enable Octavia --- examples/dt/uni04delta-ipv6/control-plane/service-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml b/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml index 490b121c7..9d871d5d6 100644 --- a/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml +++ b/examples/dt/uni04delta-ipv6/control-plane/service-values.yaml 
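Review bot: Both image references added under `octavia:` in service-values.yaml are mutable: `amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image` has no tag or digest and sits in what looks like a personal quay.io namespace, and `apacheContainerImage` uses `:latest`. Whoever can push to those repositories decides what gets pulled, and the amphora image is presumably what the load-balancer VMs are built from, so it is worth pinning even in an example. Prefer a project-owned repository and a digest reference, e.g. `amphoraImageContainerImage: <registry>/<org>/octavia-amphora-image@sha256:<digest>` and `apacheContainerImage: registry.redhat.io/ubi9/httpd-24@sha256:<digest>`. If a floating tag is intentional for CI, say so in a comment above the two keys.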
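Review bot: The `secretGenerator` added in PATCH 2/4 commits the passphrase in clear text, `server-ca-passphrase=12345678`, and the value is trivially guessable. Judging by the name it protects the Octavia server CA key, so every deployment built from this component would share one publicly known passphrase, and `disableNameSuffixHash: true` keeps the Secret name fixed, so a later value change does not roll its consumers. Take the value from outside the repository instead, for example `envs:` with `- octavia-ca-passphrase.env` pointing at an untracked per-deployment file, or reference a Secret created out of band. PATCH 4/4 deletes the generator again, but the literal stays in history, so any environment deployed from the intermediate commits should have the passphrase and the CA material rotated.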
@@ -169,7 +169,7 @@ data: computeDriver: ironic.IronicDriver octavia: - enabled: false + enabled: true amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image apacheContainerImage: registry.redhat.io/ubi9/httpd-24:latest octaviaAPI: From 1f8a2838e017787ab268b67f5021cdf497751305 Mon Sep 17 00:00:00 2001 From: Lilach Avraham Date: Mon, 6 Jan 2025 14:27:06 -0500 Subject: [PATCH 4/4] Update kustomization.yaml I created another PR to change (permissions issue) based on @shimi's comment https://github.com/openstack-k8s-operators/architecture/pull/442 --- dt/uni04delta-ipv6/kustomization.yaml | 102 -------------------------- 1 file changed, 102 deletions(-) diff --git a/dt/uni04delta-ipv6/kustomization.yaml b/dt/uni04delta-ipv6/kustomization.yaml index bc6fdd962..9d1906062 100644 --- a/dt/uni04delta-ipv6/kustomization.yaml +++ b/dt/uni04delta-ipv6/kustomization.yaml @@ -2,13 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -secretGenerator: - - name: octavia-ca-passphrase - literals: - - server-ca-passphrase=12345678 - options: - disableNameSuffixHash: true - transformers: - |- apiVersion: builtin 
@@ -160,98 +153,3 @@ replacements: - spec.keystone.template.customServiceConfig options: create: true - - - source: - kind: ConfigMap - name: service-values - fieldPath: data.octavia.enabled - targets: - - select: - kind: OpenStackControlPlane - fieldPaths: - - spec.octavia.enabled - options: - create: true - - - source: - kind: ConfigMap - name: service-values - fieldPath: data.octavia.amphoraImageContainerImage - targets: - - select: - kind: OpenStackControlPlane - fieldPaths: - - spec.octavia.template.amphoraImageContainerImage - options: - create: true - - - source: - kind: ConfigMap - name: service-values - fieldPath: data.octavia.apacheContainerImage - targets: - - select: - kind: OpenStackControlPlane - fieldPaths: - - spec.octavia.template.apacheContainerImage - options: - create: true - - - source: - kind: ConfigMap - name: service-values - fieldPath: data.octavia.octaviaAPI.networkAttachments - targets: - - select: - kind: OpenStackControlPlane - fieldPaths: - - spec.octavia.template.octaviaAPI.networkAttachments - options: - create: true - - - source: - kind: ConfigMap - name: service-values - fieldPath: data.octavia.octaviaHousekeeping.networkAttachments - targets: - - select: - kind: OpenStackControlPlane - fieldPaths: - - spec.octavia.template.octaviaHousekeeping.networkAttachments - options: - create: true - - - source: - kind: ConfigMap - name: service-values - fieldPath: data.octavia.octaviaHealthManager.networkAttachments - targets: - - select: - kind: OpenStackControlPlane - fieldPaths: - - spec.octavia.template.octaviaHealthManager.networkAttachments - options: - create: true - - - source: - kind: ConfigMap - name: service-values - fieldPath: data.octavia.octaviaWorker.networkAttachments - targets: - - select: - kind: OpenStackControlPlane - fieldPaths: - - spec.octavia.template.octaviaWorker.networkAttachments - options: - create: true - - - source: - kind: ConfigMap - name: network-values - fieldPath: data.octavia.net-attach-def - targets: - - 
select: - kind: NetworkAttachmentDefinition - name: octavia - fieldPaths: - - spec.config