Document how to enable Octavia Day 2

docs/user/openstack/README.md

@@ -646,6 +646,48 @@ If you ran the installer with a [custom CA certificate](#self-signed-openstack-c
 oc edit configmap -n openshift-config cloud-provider-config
 ```
 
+### Enabling Octavia for Load Balancer Services
+
+OpenShift supports creating load balancer service types, and ingress controllers with load balancers as a backend using octavia as a day 2 operation. However, there are a few known issues to be aware of:
+* only TCP traffic is supported
+* the floating IPs attached to your Octavia load balancers will not be deleted if you delete your cluster
+* `manage-security-groups` will not work for non-admin tenants
+* `loadBalancerSourceRanges` is currently [not supported](https://bugzilla.redhat.com/show_bug.cgi?id=1980748)
+
+Enabling this service should only be done with non-kuryr deployments as a day 2 operation. To do this, edit the cloud provider config:
+
+```sh
+oc edit configmap -n openshift-config cloud-provider-config
+```
+
+If you are using the `amphora` driver, then you should add this to your cloud provider config:
+
+```
+[LoadBalancer]
+use-octavia = true
+lb-provider = amphora
+```
+
+If you are using the `ovn` driver, then you should add this to your cloud provider config:
+
+```
+[LoadBalancer]
+use-octavia = true
+lb-provider = ovn
+lb-method = SOURCE_IP_PORT
+```
+
+If you have multiple external networks, you need to set `floating-network-id` in your cloud provider config to the one you want FIPs to be created in:
+
+```
+[LoadBalancer]
+use-octavia = true
+lb-provider = amphora
+floating-network-id = < network uuid >
+```
+
+If you are using the OVN driver for Octavia, you will also need to modify the TCP ingress security group rules for the master and worker security groups to allow traffic from `0.0.0.0/0`.
+
 ## Reporting Issues
 
 Please see the [Issue Tracker][issues_openstack] for current known issues.