Add octavia service to SKMO central and leaf regions#759
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: vakwetu The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
hey @beagles and @gthiemonge . I'm adding octavia to the skmo ci job. Still testing - but can you confirm I've done everything I need to do. Thanks. |
424a81b to
e9471c4
Compare
|
This change depends on a change that failed to merge. Change openstack-k8s-operators/ci-framework#3965 is needed. |
|
I'd like to hear from the octavia experts on this patch first. |
|
Waiting for octavia experts to review |
|
/lgtm |
|
recheck Logs for old failure no longer exist. Let's try again and review logs if necessary. |
|
If @vakwetu is satisfied with testing, LGTM |
e9471c4 to
a20043c
Compare
Add EDPM recreate hook and extend network-values templates for Octavia NAD generation. Leaf-region Tempest config lives in ci-framework-jobs 05-tests.yaml; reproducer uses post_tests: [] like the uni job. Depends-On: openstack-k8s-operators/architecture#759 Signed-off-by: Ade Lee <alee@redhat.com> Assisted-by: Claude Opus 4.6
|
Build failed (check pipeline). Post ✔️ noop SUCCESS in 0s |
a20043c to
90d5ca6
Compare
|
@abays it did, but not successfully yet. Tho it's failing on federation part after successfully configuring Octavia. There's currently a federation bug that's being fixed --> openstack-k8s-operators/ci-framework#4006 so if we want full test project run we need to wait a bit |
| kind: Component | ||
|
|
||
| components: | ||
| - ../../../examples/va/multi-namespace-skmo/components/octavia-network-values |
There was a problem hiding this comment.
This is an anti-pattern in regards to the architecture repo layout. Rather than this kustomizaton.yaml depending on the values from the examples dir, the ../../../examples/va/multi-namespace-skmo/components/octavia-network-values/kustomization.yaml file should depend on this dir (va/multi-namespace-skmo/networking-octavia) and should include its own octavia-network-values.yaml in its list of resources.
There was a problem hiding this comment.
The Octavia replacement blocks in this file and examples/va/multi-namespace-skmo/control-plane2/kustomization.yaml are identical. While not a blocking issue, it might be cleaner if that config could be extracted to a higher-level common kustomization.yaml that both sub-dirs could then include as a resource/component. In fact, it could be placed in va/multi-namespace-skmo and moved out of examples entirely, which would make the inclusion cleaner too.
a9c9641 to
6da0165
Compare
|
Had to move |
6da0165 to
40c306d
Compare
|
Had to disable edpm nodes FQDN validation |
fa4b45c to
1a98f8b
Compare
There was a problem hiding this comment.
When this is built (via [1]), there is no associated NamespaceTransformer. As a result, it has no metadata.namespace, which could be a problem.
There was a problem hiding this comment.
Understood, will add the namespace directly
There was a problem hiding this comment.
When this is built (via [1]), there is no associated NamespaceTransformer. As a result, it has no metadata.namespace, which could be a problem.
There was a problem hiding this comment.
*values.yaml should ideally exist in the examples dir and not in va, dt or lib dirs. The *values.yaml files are exposed in the examples dir as the interfaces for user customization.
There was a problem hiding this comment.
*values.yaml should ideally exist in the examples dir and not in va, dt or lib dirs. The *values.yaml files are exposed in the examples dir as the interfaces for user customization. Perhaps you had a specific reason for doing this though, as I see it was done a few times with different *values.yaml files. Could you explain the rationale behind it?
There was a problem hiding this comment.
No rationale, I moved them to va/ during the first refactoring to build the octavia-controlplane component chain, but didn't realize it belongs examples dir by convention, will move.
| octavia: | ||
| dnsDomain: octavia.example.com | ||
| mtu: 1500 | ||
| vlan: 23 |
There was a problem hiding this comment.
This vlan: 23 is defined here and consumed in [1]. But if this value was changed to something else, I see that it would still be hard-coded to 23 here [2]. Not a blocking issue, but just something to be aware of.
[1] https://github.com/openstack-k8s-operators/architecture/pull/759/changes#diff-f56986a4376344555d922a11476626568461efa2c013fcf4ecd8720cbe518209R141-R150
[2] https://github.com/openstack-k8s-operators/architecture/pull/759/changes#diff-78a76258db67b22a42639a642b302d2e51593283370201c3da20951ebbaad255R56
There was a problem hiding this comment.
Is this missing a resource or component to add the Octavia interface to the OCP nodes via NNCPs?
There was a problem hiding this comment.
I think this is by design, Octavia bridge is configured by central region NNCP only, since all OCP nodes share the same network, so only one is needed (?)
There was a problem hiding this comment.
That could be. I defer to you and Ade, so do whatever you think is right.
| ovn: | ||
| ovnController: | ||
| nicMappings: | ||
| datacentre: enp9s0 |
There was a problem hiding this comment.
I don't see this being used anywhere.
There was a problem hiding this comment.
It's not, forgot to remove after refactor
| ovn: | ||
| ovnController: | ||
| nicMappings: | ||
| datacentre: enp9s0 |
|
|
||
| edpm_nodes_validation_validate_controllers_icmp: false | ||
| edpm_nodes_validation_validate_gateway_icmp: false | ||
| edpm_nodes_validation_check_for_fqdn: false |
There was a problem hiding this comment.
Was it intentional to change the non-SKMO multi-namespace VA here as well?
There was a problem hiding this comment.
I see why it's wrong now, since it's shared it's diabled for the other VA as well... I will add the edpm_nodes_validation_check_for_fqdn: false override to multi-namespace-skmo/components/octavia-edpm-bridge/edpm-octavia-ansible-vars.yaml
There was a problem hiding this comment.
Actually that probably won't work either, it doesn't appear in the rendered NodeSet output.
Can we add a replacement in each SKMO edpm kustomization that sources from ConfigMap e.g. skmo-edpm-overrides.yaml and injects edpm_nodes_validation_check_for_fqdn: false directly into the OpenStackDataPlaneNodeSet ?
|
|
||
| edpm_nodes_validation_validate_controllers_icmp: false | ||
| edpm_nodes_validation_validate_gateway_icmp: false | ||
| edpm_nodes_validation_check_for_fqdn: false |
There was a problem hiding this comment.
Was it intentional to change the non-SKMO multi-namespace VA here as well?
There was a problem hiding this comment.
All the config here is identical across all three nodes. Do we need to use a label selector? Could we just drop the labelSelector and apply to all nodes? Or are there OCP nodes we don't want to target, and hence the specific selectors?
There was a problem hiding this comment.
Looking at it, the selectors really seem redundant. However I'm not sure about @vakwetu originial idea/purpose (maybe for future testing expansion), so I'd keep it if it's not a blocker.
There was a problem hiding this comment.
No worries. We can always improve it later in a follow-up if @vakwetu agrees.
There was a problem hiding this comment.
@vakwetu confirmed that labelSelector has no purpose, so I removed it
63fe6b0 to
ba0724c
Compare
|
@abays I addressed the comments above and also created new |
Add reusable va/ components for Octavia: - networking-octavia: NetConfig skeleton and NAD replacements - octavia-controlplane: shared OSCP replacements (service config, images, network attachments, OVN nicMappings, CA passphrase secret) Add user-facing values under examples/va/multi-namespace-skmo/components/: - octavia-network-values: dedicated ConfigMap with network parameters - octavia-service-values: dedicated ConfigMap with service parameters Wire Octavia into examples/va/multi-namespace-skmo: control-plane networking (NAD, NetConfig, NNCP), EDPM bridge mapping. Scope edpm_nodes_validation_check_for_fqdn override to SKMO only via kustomize replacement (SKMO EDPM nodes cannot resolve FQDN during validate-network due to MetalLB L2 timing with Octavia networking). Signed-off-by: Ade Lee <alee@redhat.com> Assisted-by: Claude Opus 4.6
ba0724c to
5f07fb1
Compare
Add OVN Octavia networking for SKMO multi-region deployment
Compose SKMO overlays on multi-namespace bases with small components for
Octavia NNCP, EDPM octbr bridge mappings, and network-values patches.
NNCP stages reuse base values.yaml templates; octavia-network-values
component keeps kustomize load-restrictor-safe paths for CI kustomize_deploy.
Signed-off-by: Ade Lee alee@redhat.com
Assisted-by: Claude Sonnet 4.6 noreply@anthropic.com