openstack: Reserve addresses for load balancer

When using Octavia, we use the .5 and .7 addresses on the first machine
network for API and Ingress VIP, respectively [1]. However, we were not
reserving these address when creating the network. This can result in an
IP collision if another service happens to allocate one of these two IPs
before the load balancer is created. This can happen if DHCP agents are
running on the controller/network nodes, as each agent creates its own
DHCP port on the subnet.

The solution is to use allocation pools - which are designed exactly for
this purpose - and configure one on the subnet we create (via CAPO). We
reserve everything < .10 in case we need more addresses down the line.

[1] `SetPlatformDefaults` in `pkg/types/openstack/defaults/platform.go`

Signed-off-by: Stephen Finucane <stephenfin@redhat.com>

Author: stephenfin

pkg/asset/manifests/openstack/cluster.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/apparentlymart/go-cidr/cidr"
 	"github.com/gophercloud/utils/v2/openstack/clientconfig"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -81,10 +82,22 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 			}
 		}
 	} else {
+		networkCIDR := capiutils.CIDRFromInstallConfig(installConfig)
+		allocationStart, err := cidr.Host(&networkCIDR.IPNet, 10)
+		if err != nil {
+			return nil, err
+		}
+		_, allocationEnd := cidr.AddressRange(&networkCIDR.IPNet)
 		openStackCluster.Spec.ManagedSubnets = []capo.SubnetSpec{
 			{
-				CIDR:           capiutils.CIDRFromInstallConfig(installConfig).String(),
+				CIDR:           networkCIDR.String(),
 				DNSNameservers: openstackInstallConfig.ExternalDNS,
+				AllocationPools: []capo.AllocationPool{
+					{
+						Start: allocationStart.String(),
+						End:   allocationEnd.String(),
+					},
+				},
 			},
 		}
 	}