feat: add OVN layer2 topology support to network_mgmt role

[albertoflorez]

Summary

This PR adds support for ovn-k8s-cni-overlay with layer2 topology to the network_mgmt role, enabling the creation of isolated layer2 overlay networks without requiring physical node network configuration (NNCP).

Motivation

Previously, the network_mgmt role only supported:

• linux-bridge: CNV bridge requiring NNCP for node-level bridge configuration
• ovs-bridge: OVN with localnet topology requiring NNCP for OVS bridge and localnet mapping

This limited the ability to create isolated overlay networks using OVN's layer2 topology, which is useful for:

• Microsegmentation scenarios
• Isolated network segments that don't map to physical VLANs
• Simplified network configuration without node-level dependencies

Changes

New Features

• New bridge mode: ovn-layer2 option for network_mgmt_openshift_network_bridge_mode
• New variable: network_mgmt_ovn_topology to control OVN topology type (defaults to layer2)
• New template: roles/network_mgmt/templates/ovn-layer2/nad.yaml.j2 for layer2 NAD generation

Modified Components

• defaults/main.yml: Added new variables and updated documentation
• tasks/automatic.yml: Skip NNCP creation for ovn-layer2 mode, enable NAD creation
• tasks/manual.yml: Updated validations to skip VLAN requirements for layer2
• templates/manual-lb/nad.yaml.j2: Added ovn-layer2 support to manual mode template
• README.md: Added documentation explaining the three network bridge modes

Usage

Automatic Mode

migration_targets:
  - name: vcenter-target
    network:
      network_mgmt_openshift_network_bridge_mode: ovn-layer2
      network_mgmt_ovn_topology: layer2
      network_mgmt_vcenter_dvswitch: DSwitch01
      network_mgmt_vcenter_datacenter: Datacenter
      network_mgmt_nad_namespace: production

Manual Mode

network:
  network_mgmt_openshift_network_bridge_mode: ovn-layer2
  network_mgmt_ovn_topology: layer2
  network_mgmt_manual_nad_list:
    - name: app-network
      namespace: production
      portgroup: APP-NETWORK
    - name: db-network
      namespace: production

Example Generated NAD

apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  annotations:
    infra.openshift-virtualization-migration/source-portgroup: example-portgroup
  name: example-network
  namespace: production
spec:
  config: |-
    {
        "cniVersion": "0.3.1",
        "name": "example-network",
        "type": "ovn-k8s-cni-overlay",
        "netAttachDefName": "production/example-network",
        "topology": "layer2"
    }

Testing

Tested with manual mode configuration:

• ✅ Creates NADs without VLAN configuration
• ✅ Skips NNCP creation (not needed for layer2)
• ✅ Supports custom namespaces per NAD
• ✅ Preserves migration annotations (source-portgroup, etc.)

Breaking Changes

None. This is a backward-compatible addition. Existing configurations using linux-bridge or ovs-bridge continue to work unchanged.

Documentation

• Updated README.md with network bridge modes comparison table
• Added usage examples for both automatic and manual modes
• Documented field requirements per bridge mode