From 6da01650b402ed8589c1b1a6b3d177f659c0cd46 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Thu, 11 Jun 2026 21:02:50 -0400 Subject: [PATCH] Add Octavia support for SKMO multi-namespace deployment Add reusable va/ components for Octavia: - networking-octavia: NetConfig skeleton and NAD replacements - octavia-network-values: dedicated ConfigMap with network parameters - octavia-service-values: dedicated ConfigMap with service parameters - octavia-controlplane: shared OSCP replacements (service config, images, network attachments, OVN nicMappings, CA passphrase secret) Wire Octavia into examples/va/multi-namespace-skmo: control-plane networking (NAD, NetConfig, NNCP), EDPM bridge mapping, and MetalLB ctlplane bridge patch. Dependency flow is examples/ -> va/ (no reverse references). Signed-off-by: Ade Lee Assisted-by: Claude Opus 4.6 --- automation/vars/multi-namespace-skmo.yaml | 33 ++-- .../kustomization.yaml | 23 +++ .../edpm-octavia-ansible-vars.yaml | 57 ++++++ .../octavia-edpm-bridge/kustomization.yaml | 10 ++ .../control-plane/kustomization.yaml | 6 + .../networking/kustomization.yaml | 11 ++ .../networking/nncp/kustomization.yaml | 170 ++++++++++++++++++ .../networking/octavia-netattach.yaml | 11 ++ .../control-plane/octavia-ca-passphrase.yaml | 8 + .../control-plane/service-values.yaml | 18 ++ .../control-plane2/kustomization.yaml | 4 + .../networking/kustomization.yaml | 10 ++ .../networking/nncp/kustomization.yaml | 7 + .../networking/octavia-netattach.yaml | 11 ++ .../control-plane2/octavia-ca-passphrase.yaml | 8 + .../control-plane2/service-values.yaml | 4 + .../edpm/nodeset/kustomization.yaml | 9 + .../edpm2/nodeset/kustomization.yaml | 9 + .../networking/kustomization.yaml | 22 +-- .../networking-octavia/kustomization.yaml | 61 +++++++ .../octavia-controlplane/kustomization.yaml | 113 ++++++++++++ .../octavia-network-values/kustomization.yaml | 7 + .../octavia-network-values.yaml | 40 +++++ .../octavia-service-values/kustomization.yaml | 10 ++ .../octavia-service-values.yaml | 29 +++ .../networking/kustomization.yaml | 25 +++ zuul.d/validations.yaml | 13 +- 27 files changed, 688 insertions(+), 41 deletions(-) create mode 100644 examples/va/multi-namespace-skmo/components/metallb-ctlplane-bridge/kustomization.yaml create mode 100644 examples/va/multi-namespace-skmo/components/octavia-edpm-bridge/edpm-octavia-ansible-vars.yaml create mode 100644 examples/va/multi-namespace-skmo/components/octavia-edpm-bridge/kustomization.yaml create mode 100644 examples/va/multi-namespace-skmo/control-plane/networking/kustomization.yaml create mode 100644 examples/va/multi-namespace-skmo/control-plane/networking/nncp/kustomization.yaml create mode 100644 examples/va/multi-namespace-skmo/control-plane/networking/octavia-netattach.yaml create mode 100644 examples/va/multi-namespace-skmo/control-plane/octavia-ca-passphrase.yaml create mode 100644 examples/va/multi-namespace-skmo/control-plane2/networking/kustomization.yaml create mode 100644 examples/va/multi-namespace-skmo/control-plane2/networking/nncp/kustomization.yaml create mode 100644 examples/va/multi-namespace-skmo/control-plane2/networking/octavia-netattach.yaml create mode 100644 examples/va/multi-namespace-skmo/control-plane2/octavia-ca-passphrase.yaml create mode 100644 examples/va/multi-namespace-skmo/edpm/nodeset/kustomization.yaml create mode 100644 examples/va/multi-namespace-skmo/edpm2/nodeset/kustomization.yaml create mode 100644 va/multi-namespace-skmo/networking-octavia/kustomization.yaml create mode 100644 va/multi-namespace-skmo/octavia-controlplane/kustomization.yaml create mode 100644 va/multi-namespace-skmo/octavia-network-values/kustomization.yaml create mode 100644 va/multi-namespace-skmo/octavia-network-values/octavia-network-values.yaml create mode 100644 va/multi-namespace-skmo/octavia-service-values/kustomization.yaml create mode 100644 va/multi-namespace-skmo/octavia-service-values/octavia-service-values.yaml create mode 100644 va/multi-namespace/control-plane/networking/kustomization.yaml diff --git a/automation/vars/multi-namespace-skmo.yaml b/automation/vars/multi-namespace-skmo.yaml index d5b36474d..57db7990b 100644 --- a/automation/vars/multi-namespace-skmo.yaml +++ b/automation/vars/multi-namespace-skmo.yaml @@ -15,7 +15,7 @@ vas: build_output: namespace.yaml - name: nncp-configuration # stage 1 - path: examples/va/multi-namespace/control-plane/networking/nncp + path: examples/va/multi-namespace-skmo/control-plane/networking/nncp wait_conditions: # We don't wait for these NNCPs at this stage, because we'll wait for # both namespaces in the next stage so that they can deploy in parallel @@ -26,24 +26,24 @@ vas: --timeout=5m values: - name: network-values - src_file: values.yaml + src_file: ../../../../multi-namespace/control-plane/networking/nncp/values.yaml build_output: nncp.yaml - name: nncp-configuration2 # stage 2 - path: examples/va/multi-namespace/control-plane2/networking/nncp + path: examples/va/multi-namespace-skmo/control-plane2/networking/nncp wait_conditions: - >- - oc -n openstack wait nncp + oc -n openstack2 wait nncp -l osp/nncm-config-type=standard --for jsonpath='{.status.conditions[0].reason}'=SuccessfullyConfigured --timeout=5m values: - name: network-values2 - src_file: values.yaml + src_file: ../../../../multi-namespace/control-plane2/networking/nncp/values.yaml build_output: nncp2.yaml - name: network-configuration # stage 3 - path: examples/va/multi-namespace/control-plane/networking + path: examples/va/multi-namespace-skmo/control-plane/networking wait_conditions: - >- oc -n metallb-system wait pod @@ -52,11 +52,11 @@ vas: --timeout=5m values: - name: network-values - src_file: nncp/values.yaml + src_file: ../../../multi-namespace/control-plane/networking/nncp/values.yaml build_output: network.yaml - name: network-configuration2 # stage 4 - path: examples/va/multi-namespace/control-plane2/networking + path: examples/va/multi-namespace-skmo/control-plane2/networking wait_conditions: - >- oc -n metallb-system wait pod @@ -65,7 +65,7 @@ vas: --timeout=5m values: - name: network-values2 - src_file: nncp/values.yaml + src_file: ../../../multi-namespace/control-plane2/networking/nncp/values.yaml build_output: network2.yaml - pre_stage_run: # stage 5 @@ -222,7 +222,7 @@ vas: inventory: "${HOME}/ci-framework-data/artifacts/zuul_inventory.yml" - name: edpm-nodeset # stage 7 - path: examples/va/multi-namespace/edpm/nodeset + path: examples/va/multi-namespace-skmo/edpm/nodeset wait_conditions: # We don't wait for this namespace's OpenStackDataPlaneNodeSet at # this stage, because we'll wait for both namespaces in the next @@ -233,7 +233,7 @@ vas: --timeout=5m values: - name: edpm-nodeset-values - src_file: values.yaml + src_file: ../../../multi-namespace/edpm/nodeset/values.yaml build_output: nodeset.yaml - pre_stage_run: # stage 8 @@ -242,7 +242,7 @@ vas: source: "../../playbooks/multi-namespace/ns2_osdp_services.yaml" inventory: "${HOME}/ci-framework-data/artifacts/zuul_inventory.yml" name: edpm-nodeset2 - path: examples/va/multi-namespace/edpm2/nodeset + path: examples/va/multi-namespace-skmo/edpm2/nodeset wait_conditions: - >- oc -n openstack wait @@ -254,10 +254,15 @@ vas: --timeout=10m values: - name: edpm-nodeset2-values - src_file: values.yaml + src_file: ../../../multi-namespace/edpm2/nodeset/values.yaml build_output: nodeset2.yaml - - name: edpm-deployment # stage 9 + - pre_stage_run: # stage 9 + - name: Recreate EDPM deployments when NodeSet config hash drifted + type: playbook + source: "skmo/recreate-edpm-deployment-if-stale.yaml" + inventory: "${HOME}/ci-framework-data/artifacts/zuul_inventory.yml" + name: edpm-deployment path: examples/va/multi-namespace/edpm wait_conditions: # We don't wait for this namespace's OpenStackDataPlaneDeployment at diff --git a/examples/va/multi-namespace-skmo/components/metallb-ctlplane-bridge/kustomization.yaml b/examples/va/multi-namespace-skmo/components/metallb-ctlplane-bridge/kustomization.yaml new file mode 100644 index 000000000..91896772a --- /dev/null +++ b/examples/va/multi-namespace-skmo/components/metallb-ctlplane-bridge/kustomization.yaml @@ -0,0 +1,23 @@ +--- +# SKMO uses linux-bridge ospbr for ctlplane (NNCP). MetalLB must announce VIPs on +# the bridge, not the raw NIC (enp7s0), or EDPM nodes cannot reach dnsmasq UDP/53. +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +patches: + - target: + group: metallb.io + kind: L2Advertisement + name: ctlplane + patch: |- + - op: replace + path: /spec/interfaces/0 + value: ospbr + - target: + group: metallb.io + kind: L2Advertisement + name: ctlplane2 + patch: |- + - op: replace + path: /spec/interfaces/0 + value: ospbr2 diff --git a/examples/va/multi-namespace-skmo/components/octavia-edpm-bridge/edpm-octavia-ansible-vars.yaml b/examples/va/multi-namespace-skmo/components/octavia-edpm-bridge/edpm-octavia-ansible-vars.yaml new file mode 100644 index 000000000..e6a6e8aa3 --- /dev/null +++ b/examples/va/multi-namespace-skmo/components/octavia-edpm-bridge/edpm-octavia-ansible-vars.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset-values +data: + nodeset: + ansible: + ansibleVars: + edpm_ovn_bridge_mappings: + - "datacentre:br-ex" + - "octavia:octbr" + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: interface + name: nic1 + use_dhcp: true + mtu: {{ min_viable_mtu }} + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + mtu: {{ min_viable_mtu }} + use_dhcp: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + routes: {{ ctlplane_host_routes }} + members: + - type: interface + name: nic2 + mtu: {{ min_viable_mtu }} + # force the MAC address of the bridge to this interface + primary: true + {% for network in nodeset_networks %} + - type: vlan + mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} + vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} + addresses: + - ip_netmask: + {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} + routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} + {% endfor %} + - type: ovs_bridge + name: octbr + mtu: {{ min_viable_mtu }} + use_dhcp: false + members: + - type: vlan + mtu: {{ min_viable_mtu }} + vlan_id: 23 + device: nic2 diff --git a/examples/va/multi-namespace-skmo/components/octavia-edpm-bridge/kustomization.yaml b/examples/va/multi-namespace-skmo/components/octavia-edpm-bridge/kustomization.yaml new file mode 100644 index 000000000..ba490412f --- /dev/null +++ b/examples/va/multi-namespace-skmo/components/octavia-edpm-bridge/kustomization.yaml @@ -0,0 +1,10 @@ +--- +# OVN Octavia compute bridge overlay for EDPM nodesets. +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +patches: + - target: + kind: ConfigMap + name: edpm-nodeset-values + path: edpm-octavia-ansible-vars.yaml diff --git a/examples/va/multi-namespace-skmo/control-plane/kustomization.yaml b/examples/va/multi-namespace-skmo/control-plane/kustomization.yaml index aa7baf5ab..b403cce03 100644 --- a/examples/va/multi-namespace-skmo/control-plane/kustomization.yaml +++ b/examples/va/multi-namespace-skmo/control-plane/kustomization.yaml @@ -4,6 +4,12 @@ kind: Component components: - ../../multi-namespace/control-plane + - ../components/metallb-ctlplane-bridge + - ../../../../va/multi-namespace-skmo/octavia-controlplane + +resources: + - networking/octavia-netattach.yaml + - octavia-ca-passphrase.yaml patches: - target: diff --git a/examples/va/multi-namespace-skmo/control-plane/networking/kustomization.yaml b/examples/va/multi-namespace-skmo/control-plane/networking/kustomization.yaml new file mode 100644 index 000000000..f4b0bab6a --- /dev/null +++ b/examples/va/multi-namespace-skmo/control-plane/networking/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../multi-namespace/control-plane/networking + - octavia-netattach.yaml + +components: + - ../../components/metallb-ctlplane-bridge + - ../../../../../va/multi-namespace-skmo/networking-octavia diff --git a/examples/va/multi-namespace-skmo/control-plane/networking/nncp/kustomization.yaml b/examples/va/multi-namespace-skmo/control-plane/networking/nncp/kustomization.yaml new file mode 100644 index 000000000..0dacc1259 --- /dev/null +++ b/examples/va/multi-namespace-skmo/control-plane/networking/nncp/kustomization.yaml @@ -0,0 +1,170 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +# ci_gen_kustomize_values writes env-specific network-values to the base +# values.yaml before build (see automation vars src_file). +resources: + - ../../../../multi-namespace/control-plane/networking/nncp + +components: + - ../../../../../../va/multi-namespace-skmo/octavia-network-values + +# Octavia NNCP patches for SKMO. Select by osp/nncp-node label so patches apply +# after lib/nncp-single-nic renames node-0 -> ostest-master-0. +patches: + - target: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-0 + patch: |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia vlan host interface + name: octavia + state: up + type: vlan + vlan: + base-iface: _replaced_ + id: _replaced_ + - target: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-0 + patch: |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia bridge + mtu: 1500 + name: octbr + type: linux-bridge + bridge: + options: + stp: + enabled: false + port: + - name: octavia + - target: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-1 + patch: |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia vlan host interface + name: octavia + state: up + type: vlan + vlan: + base-iface: _replaced_ + id: _replaced_ + - target: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-1 + patch: |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia bridge + mtu: 1500 + name: octbr + type: linux-bridge + bridge: + options: + stp: + enabled: false + port: + - name: octavia + - target: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-2 + patch: |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia vlan host interface + name: octavia + state: up + type: vlan + vlan: + base-iface: _replaced_ + id: _replaced_ + - target: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-2 + patch: |- + - op: add + path: /spec/desiredState/interfaces/- + value: + description: Octavia bridge + mtu: 1500 + name: octbr + type: linux-bridge + bridge: + options: + stp: + enabled: false + port: + - name: octavia + +replacements: + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.base_iface + targets: + - select: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-0 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.vlan + targets: + - select: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-0 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.base_iface + targets: + - select: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-1 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.vlan + targets: + - select: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-1 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.base_iface + targets: + - select: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-2 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.base-iface + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.vlan + targets: + - select: + kind: NodeNetworkConfigurationPolicy + labelSelector: osp/nncp-node=node-2 + fieldPaths: + - spec.desiredState.interfaces.[name=octavia].vlan.id diff --git a/examples/va/multi-namespace-skmo/control-plane/networking/octavia-netattach.yaml b/examples/va/multi-namespace-skmo/control-plane/networking/octavia-netattach.yaml new file mode 100644 index 000000000..6bf7885bd --- /dev/null +++ b/examples/va/multi-namespace-skmo/control-plane/networking/octavia-netattach.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: octavia + labels: + osp/net: octavia + osp/net-attach-def-type: standard +spec: + config: | + _replaced_ diff --git a/examples/va/multi-namespace-skmo/control-plane/octavia-ca-passphrase.yaml b/examples/va/multi-namespace-skmo/control-plane/octavia-ca-passphrase.yaml new file mode 100644 index 000000000..b7db1d93d --- /dev/null +++ b/examples/va/multi-namespace-skmo/control-plane/octavia-ca-passphrase.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-ca-passphrase +type: Opaque +stringData: + server-ca-passphrase: "12345678" diff --git a/examples/va/multi-namespace-skmo/control-plane/service-values.yaml b/examples/va/multi-namespace-skmo/control-plane/service-values.yaml index 680901e2f..82be046a6 100644 --- a/examples/va/multi-namespace-skmo/control-plane/service-values.yaml +++ b/examples/va/multi-namespace-skmo/control-plane/service-values.yaml @@ -36,3 +36,21 @@ data: target_ip_address = 172.18.0.10 swift: enabled: true + glance: + customServiceConfig: | + [DEFAULT] + enabled_backends = default_backend:swift + [glance_store] + default_backend = default_backend + [default_backend] + swift_store_create_container_on_put = True + swift_store_auth_version = 3 + swift_store_auth_address = {{ .KeystoneInternalURL }} + swift_store_endpoint_type = internalURL + swift_store_user = service:glance + swift_store_key = {{ .ServicePassword }} + swift_store_region = regionOne + ovn: + ovnController: + nicMappings: + datacentre: enp9s0 diff --git a/examples/va/multi-namespace-skmo/control-plane2/kustomization.yaml b/examples/va/multi-namespace-skmo/control-plane2/kustomization.yaml index 706a12566..affeea63b 100644 --- a/examples/va/multi-namespace-skmo/control-plane2/kustomization.yaml +++ b/examples/va/multi-namespace-skmo/control-plane2/kustomization.yaml @@ -4,9 +4,13 @@ kind: Component components: - ../../multi-namespace/control-plane2 + - ../components/metallb-ctlplane-bridge + - ../../../../va/multi-namespace-skmo/octavia-controlplane resources: - skmo-values.yaml + - networking/octavia-netattach.yaml + - octavia-ca-passphrase.yaml patches: - target: diff --git a/examples/va/multi-namespace-skmo/control-plane2/networking/kustomization.yaml b/examples/va/multi-namespace-skmo/control-plane2/networking/kustomization.yaml new file mode 100644 index 000000000..7a253c93e --- /dev/null +++ b/examples/va/multi-namespace-skmo/control-plane2/networking/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../multi-namespace/control-plane2/networking + - octavia-netattach.yaml + +components: + - ../../../../../va/multi-namespace-skmo/networking-octavia diff --git a/examples/va/multi-namespace-skmo/control-plane2/networking/nncp/kustomization.yaml b/examples/va/multi-namespace-skmo/control-plane2/networking/nncp/kustomization.yaml new file mode 100644 index 000000000..b5f3340ef --- /dev/null +++ b/examples/va/multi-namespace-skmo/control-plane2/networking/nncp/kustomization.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +# Octavia bridge on OCP masters is configured by central region NNCP only. +resources: + - ../../../../multi-namespace/control-plane2/networking/nncp diff --git a/examples/va/multi-namespace-skmo/control-plane2/networking/octavia-netattach.yaml b/examples/va/multi-namespace-skmo/control-plane2/networking/octavia-netattach.yaml new file mode 100644 index 000000000..6bf7885bd --- /dev/null +++ b/examples/va/multi-namespace-skmo/control-plane2/networking/octavia-netattach.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: octavia + labels: + osp/net: octavia + osp/net-attach-def-type: standard +spec: + config: | + _replaced_ diff --git a/examples/va/multi-namespace-skmo/control-plane2/octavia-ca-passphrase.yaml b/examples/va/multi-namespace-skmo/control-plane2/octavia-ca-passphrase.yaml new file mode 100644 index 000000000..b7db1d93d --- /dev/null +++ b/examples/va/multi-namespace-skmo/control-plane2/octavia-ca-passphrase.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-ca-passphrase +type: Opaque +stringData: + server-ca-passphrase: "12345678" diff --git a/examples/va/multi-namespace-skmo/control-plane2/service-values.yaml b/examples/va/multi-namespace-skmo/control-plane2/service-values.yaml index 2f914c3a1..72d8e4cd3 100644 --- a/examples/va/multi-namespace-skmo/control-plane2/service-values.yaml +++ b/examples/va/multi-namespace-skmo/control-plane2/service-values.yaml @@ -35,6 +35,10 @@ data: swift_store_user = service:glance swift_store_key = {{ .ServicePassword }} swift_store_region = regionTwo + ovn: + ovnController: + nicMappings: + datacentre: enp9s0 cinderBackup: customServiceConfig: | [DEFAULT] diff --git a/examples/va/multi-namespace-skmo/edpm/nodeset/kustomization.yaml b/examples/va/multi-namespace-skmo/edpm/nodeset/kustomization.yaml new file mode 100644 index 000000000..d0a2bdd26 --- /dev/null +++ b/examples/va/multi-namespace-skmo/edpm/nodeset/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../multi-namespace/edpm/nodeset + +components: + - ../../components/octavia-edpm-bridge diff --git a/examples/va/multi-namespace-skmo/edpm2/nodeset/kustomization.yaml b/examples/va/multi-namespace-skmo/edpm2/nodeset/kustomization.yaml new file mode 100644 index 000000000..2be70fa7b --- /dev/null +++ b/examples/va/multi-namespace-skmo/edpm2/nodeset/kustomization.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../multi-namespace/edpm2/nodeset + +components: + - ../../components/octavia-edpm-bridge diff --git a/examples/va/multi-namespace/control-plane/networking/kustomization.yaml b/examples/va/multi-namespace/control-plane/networking/kustomization.yaml index ba046620c..728f8effd 100644 --- a/examples/va/multi-namespace/control-plane/networking/kustomization.yaml +++ b/examples/va/multi-namespace/control-plane/networking/kustomization.yaml @@ -2,28 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -transformers: - # Set namespace to OpenStack on all namespaced objects without a namespace - - |- - apiVersion: builtin - kind: NamespaceTransformer - metadata: - name: _ignored_ - namespace: openstack - setRoleBindingSubjects: none - unsetOnly: true - fieldSpecs: - - path: metadata/name - kind: Namespace - create: true - - components: - - ../../../../../lib/networking/metallb/base - - ../../../../../lib/networking/metallb/ip-addresses - - ../../../../../lib/networking/metallb/l2-single-nic - - ../../../../../lib/networking/netconfig - - ../../../../../lib/networking/nad + - ../../../../../va/multi-namespace/control-plane/networking resources: - nncp/values.yaml diff --git a/va/multi-namespace-skmo/networking-octavia/kustomization.yaml b/va/multi-namespace-skmo/networking-octavia/kustomization.yaml new file mode 100644 index 000000000..7d4eb3e8b --- /dev/null +++ b/va/multi-namespace-skmo/networking-octavia/kustomization.yaml @@ -0,0 +1,61 @@ +--- +# Octavia NetConfig and NAD wiring for SKMO network-configuration stages. +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +components: + - ../octavia-network-values + +patches: + - target: + version: v1beta1 + kind: NetConfig + name: netconfig + patch: |- + - op: add + path: /spec/networks/- + value: + dnsDomain: _replaced_ + name: octavia + subnets: + - _replaced_ + mtu: 1500 + +replacements: + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.dnsDomain + targets: + - select: + kind: NetConfig + fieldPaths: + - spec.networks.[name=octavia].dnsDomain + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.mtu + targets: + - select: + kind: NetConfig + fieldPaths: + - spec.networks.[name=octavia].mtu + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.subnets + targets: + - select: + kind: NetConfig + fieldPaths: + - spec.networks.[name=octavia].subnets + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.net-attach-def + targets: + - select: + kind: NetworkAttachmentDefinition + name: octavia + fieldPaths: + - spec.config diff --git a/va/multi-namespace-skmo/octavia-controlplane/kustomization.yaml b/va/multi-namespace-skmo/octavia-controlplane/kustomization.yaml new file mode 100644 index 000000000..0fd083c5d --- /dev/null +++ b/va/multi-namespace-skmo/octavia-controlplane/kustomization.yaml @@ -0,0 +1,113 @@ +--- +# Octavia control-plane replacements shared by central and leaf OSCP stages. +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +components: + - ../octavia-network-values + - ../octavia-service-values + +replacements: + # Octavia service configuration + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.enabled + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.enabled + options: + create: true + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.amphoraImageContainerImage + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.amphoraImageContainerImage + options: + create: true + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.apacheContainerImage + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.apacheContainerImage + options: + create: true + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.octaviaAPI.networkAttachments + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.octaviaAPI.networkAttachments + options: + create: true + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.octaviaHousekeeping.networkAttachments + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.octaviaHousekeeping.networkAttachments + options: + create: true + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.octaviaHealthManager.networkAttachments + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.octaviaHealthManager.networkAttachments + options: + create: true + - source: + kind: ConfigMap + name: service-values + fieldPath: data.octavia.octaviaWorker.networkAttachments + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.octavia.template.octaviaWorker.networkAttachments + options: + create: true + + # Octavia network configuration + - source: + kind: ConfigMap + name: octavia-network-values + fieldPath: data.octavia.net-attach-def + targets: + - select: + kind: NetworkAttachmentDefinition + name: octavia + fieldPaths: + - spec.config + + # OVN nicMappings configuration + - source: + kind: ConfigMap + name: service-values + fieldPath: data.ovn.ovnController.nicMappings.octavia + targets: + - select: + kind: OpenStackControlPlane + fieldPaths: + - spec.ovn.template.ovnController.nicMappings.octavia + options: + create: true diff --git a/va/multi-namespace-skmo/octavia-network-values/kustomization.yaml b/va/multi-namespace-skmo/octavia-network-values/kustomization.yaml new file mode 100644 index 000000000..f668028db --- /dev/null +++ b/va/multi-namespace-skmo/octavia-network-values/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# Provide octavia-network-values ConfigMap for use by replacements. +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +resources: + - octavia-network-values.yaml diff --git a/va/multi-namespace-skmo/octavia-network-values/octavia-network-values.yaml b/va/multi-namespace-skmo/octavia-network-values/octavia-network-values.yaml new file mode 100644 index 000000000..ebb6e985f --- /dev/null +++ b/va/multi-namespace-skmo/octavia-network-values/octavia-network-values.yaml @@ -0,0 +1,40 @@ +# local-config: octavia keys for replacements (static oc kustomize; ci-gen also adds octavia at deploy) +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: octavia-network-values + annotations: + config.kubernetes.io/local-config: "true" +data: + octavia: + dnsDomain: octavia.example.com + mtu: 1500 + vlan: 23 + base_iface: enp7s0 + subnets: + - allocationRanges: + - end: 172.23.0.250 + start: 172.23.0.100 + cidr: 172.23.0.0/24 + name: subnet1 + vlan: 23 + net-attach-def: | + { + "cniVersion": "0.3.1", + "name": "octavia", + "type": "bridge", + "bridge": "octbr", + "ipam": { + "type": "whereabouts", + "range": "172.23.0.0/24", + "range_start": "172.23.0.30", + "range_end": "172.23.0.70", + "routes": [ + { + "dst": "172.24.0.0/16", + "gw": "172.23.0.150" + } + ] + } + } diff --git a/va/multi-namespace-skmo/octavia-service-values/kustomization.yaml b/va/multi-namespace-skmo/octavia-service-values/kustomization.yaml new file mode 100644 index 000000000..ee15577d1 --- /dev/null +++ b/va/multi-namespace-skmo/octavia-service-values/kustomization.yaml @@ -0,0 +1,10 @@ +--- +# Patch service-values ConfigMap with Octavia service parameters. +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +patches: + - target: + kind: ConfigMap + name: service-values + path: octavia-service-values.yaml diff --git a/va/multi-namespace-skmo/octavia-service-values/octavia-service-values.yaml b/va/multi-namespace-skmo/octavia-service-values/octavia-service-values.yaml new file mode 100644 index 000000000..7ac85f9e6 --- /dev/null +++ b/va/multi-namespace-skmo/octavia-service-values/octavia-service-values.yaml @@ -0,0 +1,29 @@ +# Octavia keys for service-values ConfigMap (shared by central and leaf control planes) +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: service-values + annotations: + config.kubernetes.io/local-config: "true" +data: + ovn: + ovnController: + nicMappings: + octavia: octbr + octavia: + enabled: true + amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image + apacheContainerImage: registry.redhat.io/ubi9/httpd-24:latest + octaviaAPI: + networkAttachments: + - internalapi + octaviaHousekeeping: + networkAttachments: + - octavia + octaviaHealthManager: + networkAttachments: + - octavia + octaviaWorker: + networkAttachments: + - octavia diff --git a/va/multi-namespace/control-plane/networking/kustomization.yaml b/va/multi-namespace/control-plane/networking/kustomization.yaml new file mode 100644 index 000000000..acd6ac906 --- /dev/null +++ b/va/multi-namespace/control-plane/networking/kustomization.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +transformers: + # Set namespace to OpenStack on all namespaced objects without a namespace + - |- + apiVersion: builtin + kind: NamespaceTransformer + metadata: + name: _ignored_ + namespace: openstack + setRoleBindingSubjects: none + unsetOnly: true + fieldSpecs: + - path: metadata/name + kind: Namespace + create: true + +components: + - ../../../../lib/networking/metallb/base + - ../../../../lib/networking/metallb/ip-addresses + - ../../../../lib/networking/metallb/l2-single-nic + - ../../../../lib/networking/netconfig + - ../../../../lib/networking/nad diff --git a/zuul.d/validations.yaml b/zuul.d/validations.yaml index 38ee631f6..30e52c1c8 100644 --- a/zuul.d/validations.yaml +++ b/zuul.d/validations.yaml @@ -189,17 +189,18 @@ files: - automation/net-env/multi-namespace-skmo.yaml - examples/va/multi-namespace-skmo/control-plane + - examples/va/multi-namespace-skmo/control-plane/networking + - examples/va/multi-namespace-skmo/control-plane/networking/nncp - examples/va/multi-namespace-skmo/control-plane2 - - examples/va/multi-namespace/control-plane/networking - - examples/va/multi-namespace/control-plane/networking/nncp - - examples/va/multi-namespace/control-plane2/networking - - examples/va/multi-namespace/control-plane2/networking/nncp + - examples/va/multi-namespace-skmo/control-plane2/networking + - examples/va/multi-namespace-skmo/control-plane2/networking/nncp + - examples/va/multi-namespace-skmo/edpm/nodeset + - examples/va/multi-namespace-skmo/edpm2/nodeset - examples/va/multi-namespace/edpm - - examples/va/multi-namespace/edpm/nodeset - examples/va/multi-namespace/edpm2 - - examples/va/multi-namespace/edpm2/nodeset - examples/va/multi-namespace/namespace - lib + - va/multi-namespace-skmo name: rhoso-architecture-validate-multi-namespace-skmo parent: rhoso-architecture-base-job vars: