fix(octavia): force internal endpoint usage
diff --git a/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch b/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch
new file mode 100644
index 0000000..f113d64
--- /dev/null
+++ b/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch
@@ -0,0 +1,37 @@
+From efd289b950b32d3e6ad160b7c7f2901bca7c7e55 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Tue, 16 Jan 2024 17:13:19 -0500
+Subject: [PATCH] fix: specify endpoint info. for neutron client
+
+Closes bug: #2049551
+
+Change-Id: I80a266e500958415a70d462ddfe57e9e03e6ef13
+---
+ octavia/common/clients.py | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/octavia/common/clients.py b/octavia/common/clients.py
+index b13642bb..2abcc67b 100644
+--- a/octavia/common/clients.py
++++ b/octavia/common/clients.py
+@@ -80,10 +80,16 @@ class NeutronAuth(object):
+         if not cls.neutron_client:
+             sess = ksession.get_session()
+ 
+-            kwargs = {}
++            kwargs = {
++                'region_name': CONF.neutron.region_name,
++                'interface': CONF.neutron.valid_interfaces
++            }
+             if CONF.neutron.endpoint_override:
+                 kwargs['network_endpoint_override'] = (
+                     CONF.neutron.endpoint_override)
++                if CONF.neutron.endpoint_override.startswith("https"):
++                    kwargs['insecure'] = CONF.neutron.insecure
++                    kwargs['cacert'] = CONF.neutron.cafile
+ 
+             conn = openstack.connection.Connection(
+                 session=sess, **kwargs)
+-- 
+2.34.1
+
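Review bot: In the embedded `octavia/common/clients.py` change, `insecure` and `cacert` are set only inside the `if CONF.neutron.endpoint_override:` branch, so a Neutron endpoint resolved from the catalog over HTTPS gets no CA file from this code path. Unless the session returned by `ksession.get_session()` already carries the TLS verify settings (not visible here), moving the two assignments out of that branch would cover both cases. The scheme test `startswith("https")` also matches any value that merely begins with those letters; `startswith("https://")` is stricter. `CONF.neutron.valid_interfaces` is passed as `interface`; if that option is a list, confirm the connection accepts one. The enclosing method starts and ends outside the hunk.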
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index 1711fe5..dc98056 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -147,12 +147,12 @@
   nova_service_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:c5118e27245b53db06e5098e980816d5f2a8f2615dde49d5e0c5b3172ee69bf6
   nova_spiceproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:584c9e0a1c503110c95ff511610993e9b41d99091579291c7726db155b6fa0ca
   nova_spiceproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:584c9e0a1c503110c95ff511610993e9b41d99091579291c7726db155b6fa0ca
-  octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
-  octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
+  octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+  octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
   octavia_health_manager_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:c5118e27245b53db06e5098e980816d5f2a8f2615dde49d5e0c5b3172ee69bf6
-  octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
-  octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
-  octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
+  octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+  octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+  octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
   openvswitch_db_server: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:c68347b6b1479fda5ccf3165492b989ebe49985fa30661ed4f1ea208fa2a110e
   openvswitch_vswitchd: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:c68347b6b1479fda5ccf3165492b989ebe49985fa30661ed4f1ea208fa2a110e
   ovn_controller: ghcr.io/vexxhost/atmosphere/ovn-host:23.03.0-69@sha256:03b4174e347d14e370aff7399a34f5fcbab1176dcf72c22ffbb0e8c1f66628a6
diff --git a/roles/octavia/tasks/generate_resources.yml b/roles/octavia/tasks/generate_resources.yml
index 1c4c87e..32ee815 100644
--- a/roles/octavia/tasks/generate_resources.yml
+++ b/roles/octavia/tasks/generate_resources.yml
@@ -169,6 +169,11 @@
           stringData:
             id_rsa: $(privateKey)
             id_rsa.pub: $(authorizedKey)
+            config: |
+              Host *
+                User ubuntu
+                StrictHostKeyChecking no
+                UserKnownHostsFile /dev/null
     wait: true
     wait_timeout: 60
     wait_condition:
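Review bot: The added `config` key turns off SSH host key verification for every destination (`Host *` with `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null`), so any SSH session started from a pod that mounts this secret accepts whatever host key is presented. If this is meant only for amphora access, where host keys change with each instance, narrow the pattern to the load-balancer management range, e.g. `Host <LB_MGMT_SUBNET_PATTERN>` (placeholder). The reason should also be recorded in a comment above the key, such as `# amphorae are ephemeral, so host keys are not pinned; access relies on the management network being isolated`. The surrounding task begins and ends outside the hunk.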
diff --git a/roles/octavia/vars/main.yml b/roles/octavia/vars/main.yml
index 2a69cd9..f83ae85 100644
--- a/roles/octavia/vars/main.yml
+++ b/roles/octavia/vars/main.yml
@@ -39,15 +39,8 @@
               mountPath: /etc/octavia/certs/server
             - name: octavia-client-certs
               mountPath: /etc/octavia/certs/client
-            - name: octavia-amphora-ssh-key-dir
+            - name: octavia-amphora-ssh-key
               mountPath: /var/lib/octavia/.ssh
-            - name: octavia-amphora-ssh-key
-              mountPath: /var/lib/octavia/.ssh/id_rsa
-              subPath: id_rsa
-              readOnly: true
-            - name: octavia-amphora-ssh-key
-              mountPath: /var/lib/octavia/.ssh/id_rsa.pub
-              subPath: id_rsa.pub
               readOnly: true
           volumes:
             - name: octavia-server-ca
@@ -56,14 +49,10 @@
             - name: octavia-client-certs
               secret:
                 secretName: octavia-client-certs
-            - name: octavia-amphora-ssh-key-dir
-              emptyDir: {}
             - name: octavia-amphora-ssh-key
               secret:
                 secretName: "{{ octavia_ssh_key_secret.resources[0]['metadata']['name'] }}"
                 defaultMode: 0444 # noqa: yaml[octal-values]
-            - name: octavia-amphora-ssh-key-dir
-              emptyDir: {}
       octavia_housekeeping:
         octavia_housekeeping:
           volumeMounts:
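Review bot: The `defaultMode: 0444` kept on the `octavia-amphora-ssh-key` secret volume leaves the private key `id_rsa` readable by every user in the container, and the same volume is now mounted whole at `/var/lib/octavia/.ssh`. The pod's security context is not visible here, so this is hedged: if the service runs under a dedicated group, `defaultMode: 0440 # noqa: yaml[octal-values]` together with a matching `fsGroup` would keep the key readable by the service only. A short comment on that line saying why the mode is what it is would help the next reader.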
@@ -128,6 +117,7 @@
         driver: noop
       neutron:
         endpoint_type: internalURL
+        valid_interfaces: internal
       nova:
         endpoint_type: internalURL
       service_auth: