Skip to content

Add octavia service to SKMO central and leaf regions#759

Open
vakwetu wants to merge 1 commit into
openstack-k8s-operators:mainfrom
vakwetu:add-octavia-to-skmo
Open

Add octavia service to SKMO central and leaf regions#759
vakwetu wants to merge 1 commit into
openstack-k8s-operators:mainfrom
vakwetu:add-octavia-to-skmo

Conversation

@vakwetu

@vakwetu vakwetu commented May 14, 2026

Copy link
Copy Markdown
Contributor

Add OVN Octavia networking for SKMO multi-region deployment
Compose SKMO overlays on multi-namespace bases with small components for
Octavia NNCP, EDPM octbr bridge mappings, and network-values patches.
NNCP stages reuse base values.yaml templates; octavia-network-values
component keeps kustomize load-restrictor-safe paths for CI kustomize_deploy.

Signed-off-by: Ade Lee alee@redhat.com
Assisted-by: Claude Sonnet 4.6 noreply@anthropic.com

@openshift-ci openshift-ci Bot requested review from abays and leifmadsen May 14, 2026 23:23
@openshift-ci

openshift-ci Bot commented May 14, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vakwetu
Once this PR has been reviewed and has the lgtm label, please assign abays for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@vakwetu vakwetu requested review from fultonj and removed request for abays and leifmadsen May 14, 2026 23:23
@vakwetu vakwetu requested review from beagles and gthiemonge May 14, 2026 23:26
@vakwetu

vakwetu commented May 14, 2026

Copy link
Copy Markdown
Contributor Author

hey @beagles and @gthiemonge . I'm adding octavia to the skmo ci job. Still testing - but can you confirm I've done everything I need to do. Thanks.

@centosinfra-prod-github-app

Copy link
Copy Markdown
Contributor

This change depends on a change that failed to merge.

Change openstack-k8s-operators/ci-framework#3965 is needed.

@fultonj

fultonj commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

I'd like to hear from the octavia experts on this patch first.

@fultonj

fultonj commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Waiting for octavia experts to review

@gthiemonge

Copy link
Copy Markdown
Contributor

/lgtm

@abays

abays commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

recheck

Logs for old failure no longer exist. Let's try again and review logs if necessary.

@abays

abays commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

If @vakwetu is satisfied with testing, LGTM

@vakwetu vakwetu force-pushed the add-octavia-to-skmo branch from e9471c4 to a20043c Compare June 8, 2026 22:12
vakwetu added a commit to vakwetu/ci-framework that referenced this pull request Jun 8, 2026
Add EDPM recreate hook and extend network-values templates for Octavia
NAD generation. Leaf-region Tempest config lives in ci-framework-jobs
05-tests.yaml; reproducer uses post_tests: [] like the uni job.

Depends-On: openstack-k8s-operators/architecture#759

Signed-off-by: Ade Lee <alee@redhat.com>
Assisted-by: Claude Opus 4.6
@openshift-ci openshift-ci Bot removed the lgtm label Jun 8, 2026
@centosinfra-prod-github-app

Copy link
Copy Markdown
Contributor

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/7c321be332614987b0860e7e422d6d66

✔️ noop SUCCESS in 0s
rhoso-architecture-validate-multi-namespace-skmo FAILURE in 5m 00s

@Deydra71

Copy link
Copy Markdown

@abays it did, but not successfully yet. Tho it's failing on federation part after successfully configuring Octavia. There's currently a federation bug that's being fixed --> openstack-k8s-operators/ci-framework#4006 so if we want full test project run we need to wait a bit

kind: Component

components:
- ../../../examples/va/multi-namespace-skmo/components/octavia-network-values

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an anti-pattern in regards to the architecture repo layout. Rather than this kustomizaton.yaml depending on the values from the examples dir, the ../../../examples/va/multi-namespace-skmo/components/octavia-network-values/kustomization.yaml file should depend on this dir (va/multi-namespace-skmo/networking-octavia) and should include its own octavia-network-values.yaml in its list of resources.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Octavia replacement blocks in this file and examples/va/multi-namespace-skmo/control-plane2/kustomization.yaml are identical. While not a blocking issue, it might be cleaner if that config could be extracted to a higher-level common kustomization.yaml that both sub-dirs could then include as a resource/component. In fact, it could be placed in va/multi-namespace-skmo and moved out of examples entirely, which would make the inclusion cleaner too.

@Deydra71 Deydra71 force-pushed the add-octavia-to-skmo branch 3 times, most recently from a9c9641 to 6da0165 Compare June 23, 2026 14:22
@Deydra71

Copy link
Copy Markdown

Had to move octavia-ca-passphrase Secret from secretGenerator in va/octavia-controlplane to a direct resource file in each control-plane directory so the NamespaceTransformer correctly sets the namespace

@Deydra71 Deydra71 force-pushed the add-octavia-to-skmo branch from 6da0165 to 40c306d Compare June 24, 2026 08:57
@Deydra71

Copy link
Copy Markdown

Had to disable edpm nodes FQDN validation

@Deydra71 Deydra71 force-pushed the add-octavia-to-skmo branch 2 times, most recently from fa4b45c to 1a98f8b Compare June 25, 2026 09:14

@abays abays Jun 29, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When this is built (via [1]), there is no associated NamespaceTransformer. As a result, it has no metadata.namespace, which could be a problem.

[1] https://github.com/openstack-k8s-operators/architecture/pull/759/changes#diff-75710097274171eb9c7de73d522ead572beeb47ab2ee818a8d458a14359ddd4f

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understood, will add the namespace directly

@abays abays Jun 29, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When this is built (via [1]), there is no associated NamespaceTransformer. As a result, it has no metadata.namespace, which could be a problem.

[1] https://github.com/openstack-k8s-operators/architecture/pull/759/changes#diff-7a39d8689d0ab40481d5adb8501faa7ba4317ce05bb6b3754f1b371f886db5d8

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*values.yaml should ideally exist in the examples dir and not in va, dt or lib dirs. The *values.yaml files are exposed in the examples dir as the interfaces for user customization.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*values.yaml should ideally exist in the examples dir and not in va, dt or lib dirs. The *values.yaml files are exposed in the examples dir as the interfaces for user customization. Perhaps you had a specific reason for doing this though, as I see it was done a few times with different *values.yaml files. Could you explain the rationale behind it?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No rationale, I moved them to va/ during the first refactoring to build the octavia-controlplane component chain, but didn't realize it belongs examples dir by convention, will move.

octavia:
dnsDomain: octavia.example.com
mtu: 1500
vlan: 23

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This vlan: 23 is defined here and consumed in [1]. But if this value was changed to something else, I see that it would still be hard-coded to 23 here [2]. Not a blocking issue, but just something to be aware of.

[1] https://github.com/openstack-k8s-operators/architecture/pull/759/changes#diff-f56986a4376344555d922a11476626568461efa2c013fcf4ecd8720cbe518209R141-R150
[2] https://github.com/openstack-k8s-operators/architecture/pull/759/changes#diff-78a76258db67b22a42639a642b302d2e51593283370201c3da20951ebbaad255R56

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this missing a resource or component to add the Octavia interface to the OCP nodes via NNCPs?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is by design, Octavia bridge is configured by central region NNCP only, since all OCP nodes share the same network, so only one is needed (?)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That could be. I defer to you and Ade, so do whatever you think is right.

Comment on lines +53 to +56
ovn:
ovnController:
nicMappings:
datacentre: enp9s0

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see this being used anywhere.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not, forgot to remove after refactor

Comment on lines +38 to +41
ovn:
ovnController:
nicMappings:
datacentre: enp9s0

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is this used?


edpm_nodes_validation_validate_controllers_icmp: false
edpm_nodes_validation_validate_gateway_icmp: false
edpm_nodes_validation_check_for_fqdn: false

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was it intentional to change the non-SKMO multi-namespace VA here as well?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see why it's wrong now, since it's shared it's diabled for the other VA as well... I will add the edpm_nodes_validation_check_for_fqdn: false override to multi-namespace-skmo/components/octavia-edpm-bridge/edpm-octavia-ansible-vars.yaml

@Deydra71 Deydra71 Jun 29, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually that probably won't work either, it doesn't appear in the rendered NodeSet output.

Can we add a replacement in each SKMO edpm kustomization that sources from ConfigMap e.g. skmo-edpm-overrides.yaml and injects edpm_nodes_validation_check_for_fqdn: false directly into the OpenStackDataPlaneNodeSet ?


edpm_nodes_validation_validate_controllers_icmp: false
edpm_nodes_validation_validate_gateway_icmp: false
edpm_nodes_validation_check_for_fqdn: false

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was it intentional to change the non-SKMO multi-namespace VA here as well?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All the config here is identical across all three nodes. Do we need to use a label selector? Could we just drop the labelSelector and apply to all nodes? Or are there OCP nodes we don't want to target, and hence the specific selectors?

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at it, the selectors really seem redundant. However I'm not sure about @vakwetu originial idea/purpose (maybe for future testing expansion), so I'd keep it if it's not a blocker.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No worries. We can always improve it later in a follow-up if @vakwetu agrees.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vakwetu confirmed that labelSelector has no purpose, so I removed it

@Deydra71 Deydra71 force-pushed the add-octavia-to-skmo branch 2 times, most recently from 63fe6b0 to ba0724c Compare July 1, 2026 13:47
@Deydra71

Deydra71 commented Jul 1, 2026

Copy link
Copy Markdown

@abays I addressed the comments above and also created newcomponents dir under examples/va/multi-namespace-skmo/ because octavia values are consumed by multiple independent kustomize build targets, so each build stage can include the ConfigMap into its own scope withou t duplication. Let me please know if it's okay with you.

Add reusable va/ components for Octavia:
- networking-octavia: NetConfig skeleton and NAD replacements
- octavia-controlplane: shared OSCP replacements (service config, images,
  network attachments, OVN nicMappings, CA passphrase secret)

Add user-facing values under examples/va/multi-namespace-skmo/components/:
- octavia-network-values: dedicated ConfigMap with network parameters
- octavia-service-values: dedicated ConfigMap with service parameters

Wire Octavia into examples/va/multi-namespace-skmo: control-plane networking
(NAD, NetConfig, NNCP), EDPM bridge mapping.

Scope edpm_nodes_validation_check_for_fqdn override to SKMO only via
kustomize replacement (SKMO EDPM nodes cannot resolve FQDN during
validate-network due to MetalLB L2 timing with Octavia networking).

Signed-off-by: Ade Lee <alee@redhat.com>
Assisted-by: Claude Opus 4.6
@Deydra71 Deydra71 force-pushed the add-octavia-to-skmo branch from ba0724c to 5f07fb1 Compare July 2, 2026 13:49

@abays abays left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@fultonj Do you want to review, or should I approve?

@openshift-ci openshift-ci Bot added the lgtm label Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants