Removing lbaasv2 related code

LBaaSv2 was deprecated in favor of Octavia. This patch is removing the remaining gates for lbaasv2 and the specific code for handling the services when haproxy was used Implements: blueprint remove-lbaasv2 Change-Id: I601a62640838557697887aea1a778e67449f68a5
2019-01-16 16:40:03 +01:00 · 2019-01-16 16:40:03 +01:00 · 176b860083
parent 571079d9cb
commit 176b860083
14 changed files with 238 additions and 388 deletions
--- a/.zuul.d/lbaasv2.yaml
+++ b/.zuul.d/lbaasv2.yaml
@ -1,39 +0,0 @@
-# Copyright 2018 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
- job:
-    name: kuryr-kubernetes-tempest-lbaasv2
-    parent: kuryr-kubernetes-tempest-base
-    description: |
-      Kuryr-Kubernetes tempest job using lbaasv2
-    host-vars:
-      controller:
-        devstack_plugins:
-          neutron-lbaas: https://git.openstack.org/openstack/neutron-lbaas
-    vars:
-      devstack_localrc:
-          NEUTRON_LBAAS_SERVICE_PROVIDERV2: 'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default'
-          KURYR_K8S_LBAAS_USE_OCTAVIA: False
-      devstack_services:
-        q-lbaasv2: true
-        kuryr-daemon: false
-
- job:
-    name: kuryr-kubernetes-tempest-daemon-lbaasv2
-    parent: kuryr-kubernetes-tempest-lbaasv2
-    description: |
-      Kuryr-Kubernetes tempest job using lbaasv2 and CNI daemon
-    vars:
-      devstack_services:
-        kuryr-daemon: true
--- a/.zuul.d/project.yaml
+++ b/.zuul.d/project.yaml
@ -19,7 +19,6 @@
        - kuryr-kubernetes-tempest-octavia
        - kuryr-kubernetes-tempest-daemon-octavia
        - kuryr-kubernetes-tempest-daemon-openshift-octavia
-        - kuryr-kubernetes-tempest-daemon-lbaasv2
        - kuryr-kubernetes-tempest-daemon-containerized-octavia
        - kuryr-kubernetes-tempest-daemon-containerized-ovn
        - kuryr-kubernetes-tempest-daemon-octavia-py36
@ -30,7 +29,6 @@
      jobs:
        - kuryr-kubernetes-tempest-octavia
        - kuryr-kubernetes-tempest-daemon-octavia
-        - kuryr-kubernetes-tempest-daemon-lbaasv2
        - kuryr-kubernetes-tempest-daemon-containerized-octavia
        - kuryr-kubernetes-tempest-daemon-octavia-py36
        - kuryr-kubernetes-tempest-daemon-containerized-octavia-py36
--- a/devstack/lib/kuryr_kubernetes
+++ b/devstack/lib/kuryr_kubernetes
@ -40,11 +40,7 @@ function ovs_bind_for_kubelet() {
        kubelet-"${HOSTNAME}")
    # Need to enable Amphorae subnet access to the kubelet iface for API
    # access
-    local use_octavia
-    use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
-    if [[ "$use_octavia" == "True" ]]; then
-        openstack port set "$port_id" --security-group service_pod_access
-    fi
+    openstack port set "$port_id" --security-group service_pod_access
    if [[ "$KURYR_SG_DRIVER" == "namespace" ]]; then
        openstack port set "$port_id" --security-group allow_from_namespace
        openstack port set "$port_id" --security-group allow_from_default
@ -293,22 +289,6 @@ function create_k8s_subnet {
              "Failed to enable routing for K8s ${subnet_name} subnet"
 }

-# create_k8s_router_fake_service
-#   Description: Creates an endpoint-less kubernetes service to keep Kubernetes
-#                API server from allocating the service subnet router IP for
-#                another service
-function create_k8s_router_fake_service {
-    local router_ip
-    local fake_svc_name
-
-    fake_svc_name='kuryr-svc-router'
-    router_ip=$(openstack --os-cloud devstack-admin \
-        --os-region "$REGION_NAME" \
-        subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
-        -f value -c gateway_ip)
-    create_k8s_fake_service $fake_svc_name $router_ip
-}
-
 # create_k8s_fake_service
 #   Description: Creates an endpoint-less kubernetes service to keep Kubernetes
 #                API server from allocating this IP for another service
@ -875,14 +855,8 @@ function lb_state {
    local lb_id

    lb_id="$1"
-    # Checks Neutron lbaas for the Load balancer state
-    if is_service_enabled octavia; then
-        openstack loadbalancer show "$lb_id" | \
-            awk '/provisioning_status/ {print $4}'
-    else
-        neutron lbaas-loadbalancer-show "$lb_id" | \
-            awk '/provisioning_status/ {print $4}'
-    fi
+    openstack loadbalancer show "$lb_id" | \
+        awk '/provisioning_status/ {print $4}'
 }

 function wait_for_lb {
@ -933,13 +907,8 @@ function create_load_balancer {
        lb_params+=" --vip-address $4"
    fi

-    if is_service_enabled octavia; then
-        lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet"
-        openstack loadbalancer create $lb_params
-    else
-        lb_params+=" --tenant-id ${project_id} $lb_vip_subnet"
-        neutron lbaas-loadbalancer-create $lb_params
-    fi
+    lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet"
+    openstack loadbalancer create $lb_params
 }

 # create_load_balancer_listener
@ -972,20 +941,12 @@ function create_load_balancer_listener {
    # Octavia needs the LB to be active for the listener
    wait_for_lb $lb $max_timeout

-    if is_service_enabled octavia; then
-        openstack loadbalancer listener create --name "$name" \
-            --protocol "$protocol" \
-            --protocol-port "$port" \
-            --timeout-client-data "$data_timeouts" \
-            --timeout-member-data "$data_timeouts" \
-            "$lb"
-    else
-        neutron lbaas-listener-create --name "$name" \
-            --protocol "$protocol" \
-            --protocol-port "$port" \
-            --tenant-id "$project_id" \
-            --loadbalancer "$lb"
-    fi
+    openstack loadbalancer listener create --name "$name" \
+        --protocol "$protocol" \
+        --protocol-port "$port" \
+        --timeout-client-data "$data_timeouts" \
+        --timeout-member-data "$data_timeouts" \
+        "$lb"
 }

 # create_load_balancer_pool
@ -1018,19 +979,10 @@ function create_load_balancer_pool {
    # We must wait for the LB to be active before we can put a Pool for it
    wait_for_lb $lb

-    if is_service_enabled octavia; then
-        openstack loadbalancer pool create --name "$name" \
-            --listener "$listener" \
-            --protocol "$protocol" \
-            --lb-algorithm "$algorithm"
-    else
-        neutron lbaas-pool-create --name "$name" \
-            --loadbalancer "$lb" \
-            --listener "$listener" \
-            --protocol "$protocol" \
-            --tenant-id "$project_id" \
-            --lb-algorithm "$algorithm"
-    fi
+    openstack loadbalancer pool create --name "$name" \
+        --listener "$listener" \
+        --protocol "$protocol" \
+        --lb-algorithm "$algorithm"
 }

 # create_load_balancer_member
@ -1063,19 +1015,10 @@ function create_load_balancer_member {
    # We must wait for the pool creation update before we can add members
    wait_for_lb $lb

-    if is_service_enabled octavia; then
-        openstack loadbalancer member create --name "$name" \
-            --address "$address" \
-            --protocol-port "$port" \
-            "$pool"
-    else
-        neutron lbaas-member-create --name "$name" \
-            --subnet "$subnet" \
-            --address "$address" \
-            --protocol-port "$port" \
-            --tenant-id "$project_id" \
-            "$pool"
-    fi
+    openstack loadbalancer member create --name "$name" \
+        --address "$address" \
+        --protocol-port "$port" \
+        "$pool"
 }

 # split_subnet
@ -1111,11 +1054,7 @@ function get_loadbalancer_attribute {
    lb_name="$1"
    lb_attr="$2"

-    if is_service_enabled octavia; then
-        openstack loadbalancer show "$lb_name" -c "$lb_attr" -f value
-    else
-        neutron lbaas-loadbalancer-show "$lb_name" -c "$lb_attr" -f value
-    fi
+    openstack loadbalancer show "$lb_name" -c "$lb_attr" -f value
 }

 # openshift_node_set_dns_config
--- a/devstack/local.conf.df.sample
+++ b/devstack/local.conf.df.sample
@ -53,40 +53,32 @@ TUNNEL_TYPE=vxlan
 DF_SELECTIVE_TOPO_DIST=False

 # OCTAVIA
-KURYR_K8S_LBAAS_USE_OCTAVIA=False
 # Uncomment it to use L2 communication between loadbalancer and member pods
 # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2

-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    # Octavia LBaaSv2
-    LIBS_FROM_GIT+=python-octaviaclient
-    enable_plugin octavia https://git.openstack.org/openstack/octavia
-    enable_service octavia
-    enable_service o-api
-    enable_service o-cw
-    enable_service o-hm
-    enable_service o-hk
-    ## Octavia Deps
-    ### Image
-    ### Barbican
-    enable_plugin barbican https://git.openstack.org/openstack/barbican
-    ### Nova
-    enable_service n-api
-    enable_service n-api-meta
-    enable_service n-cpu
-    enable_service n-cond
-    enable_service n-sch
-    enable_service placement-api
-    enable_service placement-client
-    ### Glance
-    enable_service g-api
-    enable_service g-reg
-else
-    # LBaaSv2 service and Haproxy agent
-    enable_plugin neutron-lbaas \
-        git://git.openstack.org/openstack/neutron-lbaas
-    enable_service q-lbaasv2
-fi
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg

 # By default use all the services from the kuryr-kubernetes plugin

@ -211,11 +203,7 @@ enable_service kuryr-daemon

 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
-else
-    NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
-fi
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"

 [[post-config|$OCTAVIA_CONF]]
 [controller_worker]
--- a/devstack/local.conf.openshift.sample
+++ b/devstack/local.conf.openshift.sample
@ -34,40 +34,32 @@ enable_service q-l3
 enable_service q-svc

 # OCTAVIA
-KURYR_K8S_LBAAS_USE_OCTAVIA=True
 # Uncomment it to use L2 communication between loadbalancer and member pods
 # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2

-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    # Octavia LBaaSv2
-    LIBS_FROM_GIT+=python-octaviaclient
-    enable_plugin octavia https://git.openstack.org/openstack/octavia
-    enable_service octavia
-    enable_service o-api
-    enable_service o-cw
-    enable_service o-hm
-    enable_service o-hk
-    ## Octavia Deps
-    ### Image
-    ### Barbican
-    enable_plugin barbican https://git.openstack.org/openstack/barbican
-    ### Nova
-    enable_service n-api
-    enable_service n-api-meta
-    enable_service n-cpu
-    enable_service n-cond
-    enable_service n-sch
-    enable_service placement-api
-    enable_service placement-client
-    ### Glance
-    enable_service g-api
-    enable_service g-reg
-else
-    # LBaaSv2 service and Haproxy agent
-    enable_plugin neutron-lbaas \
-        git://git.openstack.org/openstack/neutron-lbaas
-    enable_service q-lbaasv2
-fi
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg


 # Keystone
@ -216,11 +208,7 @@ enable_service kuryr-daemon

 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
-else
-    NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
-fi
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"

 [[post-config|$OCTAVIA_CONF]]
 [controller_worker]
--- a/devstack/local.conf.ovn.sample
+++ b/devstack/local.conf.ovn.sample
@ -42,8 +42,6 @@ enable_service q-svc
 VAR_RUN_PATH=/usr/local/var/run

 # OCTAVIA
-KURYR_K8S_LBAAS_USE_OCTAVIA=True
-
 # Uncomment it to use L2 communication between loadbalancer and member pods
 # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2

@ -64,36 +62,29 @@ KURYR_K8S_LBAAS_USE_OCTAVIA=True



-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    # Octavia LBaaSv2
-    LIBS_FROM_GIT+=python-octaviaclient
-    enable_plugin octavia https://git.openstack.org/openstack/octavia
-    enable_service octavia
-    enable_service o-api
-    enable_service o-cw
-    enable_service o-hm
-    enable_service o-hk
-    ## Octavia Deps
-    ### Image
-    ### Barbican
-    enable_plugin barbican https://git.openstack.org/openstack/barbican
-    ### Nova
-    enable_service n-api
-    enable_service n-api-meta
-    enable_service n-cpu
-    enable_service n-cond
-    enable_service n-sch
-    enable_service placement-api
-    enable_service placement-client
-    ### Glance
-    enable_service g-api
-    enable_service g-reg
-else
-    # LBaaSv2 service and Haproxy agent
-    enable_plugin neutron-lbaas \
-        git://git.openstack.org/openstack/neutron-lbaas
-    enable_service q-lbaasv2
-fi
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg


 # Keystone
@ -248,11 +239,7 @@ KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True

 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
-else
-    NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
-fi
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"

 [[post-config|$OCTAVIA_CONF]]
 [controller_worker]
--- a/devstack/local.conf.pod-in-vm.undercloud.df.sample
+++ b/devstack/local.conf.pod-in-vm.undercloud.df.sample
@ -30,10 +30,39 @@ disable_service q-agt
 # We have to disable the neutron dhcp agent. DF does not use the dhcp agent.
 disable_service q-dhcp

-# LBaaSv2 service and Haproxy agent
-enable_plugin neutron-lbaas git://git.openstack.org/openstack/neutron-lbaas
-enable_service q-lbaasv2
-NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+# Current Octavia image generation using diskimage-builder is broken ATM
+# You can fetch a precreated qcow image from here [1] and set up octavia to
+# use it by uncommenting the following lines.
+# [1] https://tarballs.openstack.org/octavia/test-images/
+#             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_SIZE=3
+# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
+
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"

 # Enable heat services if you want to deploy overcloud using Heat stack
 enable_plugin heat https://git.openstack.org/openstack/heat
--- a/devstack/local.conf.pod-in-vm.undercloud.ovn.sample
+++ b/devstack/local.conf.pod-in-vm.undercloud.ovn.sample
@ -39,9 +39,37 @@ disable_service q-meta
 enable_plugin neutron https://git.openstack.org/openstack/neutron
 enable_service q-trunk

+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+# Current Octavia image generation using diskimage-builder is broken ATM
+# You can fetch a precreated qcow image from here [1] and set up octavia to
+# use it by uncommenting the following lines.
+# [1] https://tarballs.openstack.org/octavia/test-images/
+#             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_SIZE=3
+# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
+
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"

-# LBaaSv2 service and Haproxy agent
-enable_plugin neutron-lbaas \
-    git://git.openstack.org/openstack/neutron-lbaas
-enable_service q-lbaasv2
-NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
--- a/devstack/local.conf.pod-in-vm.undercloud.sample
+++ b/devstack/local.conf.pod-in-vm.undercloud.sample
@ -21,11 +21,39 @@ TUNNEL_TYPE=vxlan
 # Enable Keystone v3
 IDENTITY_API_VERSION=3

-# LBaaSv2 service and Haproxy agent
-enable_plugin neutron-lbaas \
-    git://git.openstack.org/openstack/neutron-lbaas
-enable_service q-lbaasv2
-NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+# Current Octavia image generation using diskimage-builder is broken ATM
+# You can fetch a precreated qcow image from here [1] and set up octavia to
+# use it by uncommenting the following lines.
+# [1] https://tarballs.openstack.org/octavia/test-images/
+#             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_SIZE=3
+# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg
+
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"

 [[post-config|/$Q_PLUGIN_CONF_FILE]]
 [securitygroup]
--- a/devstack/local.conf.sample
+++ b/devstack/local.conf.sample
@ -38,48 +38,40 @@ enable_service q-svc
 # VAR_RUN_PATH=/var/run

 # OCTAVIA
-KURYR_K8S_LBAAS_USE_OCTAVIA=True
 # Uncomment it to use L2 communication between loadbalancer and member pods
 # KURYR_K8S_OCTAVIA_MEMBER_MODE=L2

-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    # Octavia LBaaSv2
-    LIBS_FROM_GIT+=python-octaviaclient
-    enable_plugin octavia https://git.openstack.org/openstack/octavia
-    enable_service octavia
-    enable_service o-api
-    enable_service o-cw
-    enable_service o-hm
-    enable_service o-hk
-    ## Octavia Deps
-    # Current Octavia image generation using diskimage-builder is broken ATM
-    # You can fetch a precreated qcow image from here [1] and set up octavia to
-    # use it by uncommenting the following lines.
-    # [1] https://tarballs.openstack.org/octavia/test-images/
-    #             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
-    # OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
-    # OCTAVIA_AMP_IMAGE_SIZE=3
-    # OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
-    ### Image
-    ### Barbican
-    enable_plugin barbican https://git.openstack.org/openstack/barbican
-    ### Nova
-    enable_service n-api
-    enable_service n-api-meta
-    enable_service n-cpu
-    enable_service n-cond
-    enable_service n-sch
-    enable_service placement-api
-    enable_service placement-client
-    ### Glance
-    enable_service g-api
-    enable_service g-reg
-else
-    # LBaaSv2 service and Haproxy agent
-    enable_plugin neutron-lbaas \
-        git://git.openstack.org/openstack/neutron-lbaas
-    enable_service q-lbaasv2
-fi
+# Octavia LBaaSv2
+LIBS_FROM_GIT+=python-octaviaclient
+enable_plugin octavia https://git.openstack.org/openstack/octavia
+enable_service octavia
+enable_service o-api
+enable_service o-cw
+enable_service o-hm
+enable_service o-hk
+## Octavia Deps
+# Current Octavia image generation using diskimage-builder is broken ATM
+# You can fetch a precreated qcow image from here [1] and set up octavia to
+# use it by uncommenting the following lines.
+# [1] https://tarballs.openstack.org/octavia/test-images/
+#             test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
+# OCTAVIA_AMP_IMAGE_SIZE=3
+# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
+### Image
+### Barbican
+enable_plugin barbican https://git.openstack.org/openstack/barbican
+### Nova
+enable_service n-api
+enable_service n-api-meta
+enable_service n-cpu
+enable_service n-cond
+enable_service n-sch
+enable_service placement-api
+enable_service placement-client
+### Glance
+enable_service g-api
+enable_service g-reg


 # Keystone
@ -238,11 +230,7 @@ enable_service kuryr-daemon

 # Increase Octavia amphorae timeout so that the first LB amphora has time to
 # build and boot
-if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
-    IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
-else
-    NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
-fi
+IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"

 [[post-config|$OCTAVIA_CONF]]
 [controller_worker]
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -294,14 +294,12 @@ function configure_neutron_defaults {
    pod_subnet_id="$(openstack subnet show -c id -f value \
        "${KURYR_NEUTRON_DEFAULT_POD_SUBNET}")"

-    local use_octavia
-    use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
    create_k8s_subnet "$project_id" \
                      "$KURYR_NEUTRON_DEFAULT_SERVICE_NET" \
                      "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
                      "$subnetpool_id" \
                      "$router" \
-                      "$use_octavia"
+                      "True"
    service_subnet_id="$(openstack subnet show -c id -f value \
        "${KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET}")"

@ -343,15 +341,13 @@ function configure_neutron_defaults {
        --remote-ip "$service_cidr" --ethertype IPv4 --protocol udp \
        "$service_pod_access_sg_id"

-    if [[ "$use_octavia" == "True" && \
-          "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then
+    if [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then
        if [ -n "$sg_ids" ]; then
            sg_ids+=",${service_pod_access_sg_id}"
        else
            sg_ids="${service_pod_access_sg_id}"
        fi
-    elif [[ "$use_octavia" == "True" && \
-            "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
+    elif [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
        # In case the member connectivity is L2, Octavia by default uses the
        # admin 'default' sg to create a port for the amphora load balancer
        # at the member ports subnet. Thus we need to allow L2 communication
@ -447,15 +443,13 @@ function configure_neutron_defaults {
    iniset "$KURYR_CONFIG" neutron_defaults external_svc_net "$ext_svc_net_id"
    iniset "$KURYR_CONFIG" octavia_defaults member_mode "$KURYR_K8S_OCTAVIA_MEMBER_MODE"
    iniset "$KURYR_CONFIG" octavia_defaults sg_mode "$KURYR_K8S_OCTAVIA_SG_MODE"
-    if [[ "$use_octavia" == "True" ]]; then
-        # Octavia takes a very long time to start the LB in the gate. We need
-        # to tweak the timeout for the LB creation. Let's be generous and give
-        # it up to 20 minutes.
-        # FIXME(dulek): This might be removed when bug 1753653 is fixed and
-        #               Kuryr restarts waiting for LB on timeouts.
-        iniset "$KURYR_CONFIG" neutron_defaults lbaas_activation_timeout 1200
-        iniset "$KURYR_CONFIG" kubernetes endpoints_driver_octavia_provider "$KURYR_EP_DRIVER_OCTAVIA_PROVIDER"
-    fi
+    # Octavia takes a very long time to start the LB in the gate. We need
+    # to tweak the timeout for the LB creation. Let's be generous and give
+    # it up to 20 minutes.
+    # FIXME(dulek): This might be removed when bug 1753653 is fixed and
+    #               Kuryr restarts waiting for LB on timeouts.
+    iniset "$KURYR_CONFIG" neutron_defaults lbaas_activation_timeout 1200
+    iniset "$KURYR_CONFIG" kubernetes endpoints_driver_octavia_provider "$KURYR_EP_DRIVER_OCTAVIA_PROVIDER"
 }

 function configure_k8s_pod_sg_rules {
@ -872,8 +866,6 @@ function configure_overcloud_vm_k8s_svc_sg {

 function update_tempest_conf_file {

-    local use_octavia="$1"
-
    if [[ "$KURYR_USE_PORT_POOLS" == "True" ]]; then
        iniset $TEMPEST_CONFIG kuryr_kubernetes port_pool_enabled True
    fi
@ -896,10 +888,8 @@ function update_tempest_conf_file {
        iniset $TEMPEST_CONFIG kuryr_kubernetes kuryr_daemon_enabled False
    fi
    # NOTE(yboaron): Services with protocol UDP are supported in Kuryr
-    # starting from Stein release and only for Octavia
-    if [[ "$use_octavia" == "True" ]]; then
-        iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True
-    fi
+    # starting from Stein release
+    iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True
    if [[ "$KURYR_CONTROLLER_HA" == "True" ]]; then
        iniset $TEMPEST_CONFIG kuryr_kubernetes ap_ha True
    fi
@ -1062,12 +1052,6 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then

 elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
    if is_service_enabled kuryr-kubernetes; then
-        # NOTE(dulek): This is so late, because Devstack's Octavia is unable
-        #              to create loadbalancers until test-config phase.
-        use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
-        if [[ "$use_octavia" == "False" ]]; then
-            create_k8s_router_fake_service
-        fi
        create_k8s_api_service
        #create Ingress L7 router if required
        enable_ingress=$(trueorfalse False KURYR_ENABLE_INGRESS)
@ -1095,7 +1079,7 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
        fi
    fi
    if is_service_enabled tempest; then
-        update_tempest_conf_file "$use_octavia"
+        update_tempest_conf_file
    fi
 fi

--- a/devstack/settings
+++ b/devstack/settings
@ -55,7 +55,6 @@ OPENSHIFT_API_URL=${OPENSHIFT_API_URL:-https://${HOST_IP}:${OPENSHIFT_API_PORT}}
 OPENSHIFT_CNI_BINARY_URL=${OPENSHIFT_CNI_BINARY_URL:-https://github.com/containernetworking/cni/releases/download/v0.5.2/cni-v0.5.2.tgz}

 # Octavia
-KURYR_K8S_LBAAS_USE_OCTAVIA=${KURYR_K8S_LBAAS_USE_OCTAVIA:-True}
 KURYR_K8S_OCTAVIA_MEMBER_MODE=${KURYR_K8S_OCTAVIA_MEMBER_MODE:-L3}
 KURYR_K8S_OCTAVIA_SG_MODE=${KURYR_K8S_OCTAVIA_SG_MODE:-update}

--- a/kuryr_kubernetes/config.py
+++ b/kuryr_kubernetes/config.py
@ -138,11 +138,7 @@ k8s_opts = [
    cfg.StrOpt('endpoints_lbaas_driver',
               help=_("The driver that provides LoadBalancers for "
                      "Kubernetes Endpoints"),
-               default='lbaasv2',
-               deprecated_for_removal=True,
-               deprecated_reason="Default and supported lbaas endpoint is "
-                                 "now Octavia",
-               deprecated_since="Rocky"),
+               default='lbaasv2'),
    cfg.StrOpt('endpoints_driver_octavia_provider',
               help=_("The Octavia load balancer provider that will be used "
                      "to support Kubernetes Endpoints"),
--- a/kuryr_kubernetes/controller/drivers/lbaasv2.py
+++ b/kuryr_kubernetes/controller/drivers/lbaasv2.py
@ -27,7 +27,6 @@ from oslo_log import log as logging
 from oslo_utils import timeutils

 from kuryr_kubernetes import clients
-from kuryr_kubernetes import constants as const
 from kuryr_kubernetes.controller.drivers import base
 from kuryr_kubernetes import exceptions as k_exc
 from kuryr_kubernetes.objects import lbaas as obj_lbaas
@ -76,13 +75,6 @@ class LBaaSv2Driver(base.LBaaSDriver):
            # deleted externally between 'create' and 'find'
            raise k_exc.ResourceNotReady(request)

-        try:
-            if security_groups_ids is not None:
-                self._ensure_security_groups(response, service_type)
-        except n_exc.NeutronClientException:
-            self.release_loadbalancer(response)
-            raise
-
        return response

    def release_loadbalancer(self, loadbalancer):
@ -112,59 +104,6 @@ class LBaaSv2Driver(base.LBaaSDriver):
            except n_exc.NotFound:
                LOG.debug('Security group %s already deleted', sg_id)

-    def _ensure_security_groups(self, loadbalancer, service_type):
-        # We only handle SGs for legacy LBaaSv2, Octavia handles it dynamically
-        # according to listener ports.
-        if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER:
-            neutron = clients.get_neutron_client()
-            sg_id = None
-            try:
-                # NOTE(dulek): We're creating another security group to
-                #              overcome LBaaS v2 limitations and handle SGs
-                #              ourselves.
-                if service_type == 'LoadBalancer':
-                    sg_id = self._find_listeners_sg(loadbalancer)
-                    if not sg_id:
-                        sg = neutron.create_security_group({
-                            'security_group': {
-                                'name': loadbalancer.name,
-                                'project_id': loadbalancer.project_id,
-                            },
-                        })
-                        sg_id = sg['security_group']['id']
-                    loadbalancer.security_groups.append(sg_id)
-
-                neutron.update_port(
-                    loadbalancer.port_id,
-                    {'port': {
-                        'security_groups': loadbalancer.security_groups}})
-            except n_exc.NeutronClientException:
-                LOG.exception('Failed to set SG for LBaaS v2 VIP port %s.',
-                              loadbalancer.port_id)
-                if sg_id:
-                    neutron.delete_security_group(sg_id)
-                raise
-
-    def _ensure_lb_security_group_rule(self, loadbalancer, listener):
-        sg_id = self._find_listeners_sg(loadbalancer)
-        if sg_id:
-            try:
-                neutron = clients.get_neutron_client()
-                neutron.create_security_group_rule({
-                    'security_group_rule': {
-                        'direction': 'ingress',
-                        'port_range_min': listener.port,
-                        'port_range_max': listener.port,
-                        'protocol': listener.protocol,
-                        'security_group_id': sg_id,
-                        'description': listener.name,
-                    },
-                })
-            except n_exc.NeutronClientException as ex:
-                if ex.status_code != requests.codes.conflict:
-                    LOG.exception('Failed when creating security group rule '
-                                  'for listener %s.', listener.name)
-
    def _create_lb_security_group_rule(self, loadbalancer, listener):
        neutron = clients.get_neutron_client()
        sg_id = self._find_listeners_sg(loadbalancer)
@ -352,9 +291,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
            CONF.kubernetes.service_security_groups_driver == 'namespace')
        create_sg = CONF.octavia_defaults.sg_mode == 'create'

-        if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER:
-            self._ensure_lb_security_group_rule(loadbalancer, listener)
-        elif namespace_isolation and service_type == 'ClusterIP':
+        if namespace_isolation and service_type == 'ClusterIP':
            self._extend_lb_security_group_rules(loadbalancer, listener)
        elif create_sg:
            self._create_lb_security_group_rule(loadbalancer, listener)