Document how to enable Octavia Day 2

docs/user/openstack/README.md

@@ -646,6 +646,48 @@ If you ran the installer with a [custom CA certificate](#self-signed-openstack-c
 oc edit configmap -n openshift-config cloud-provider-config
 ```
 
+### Enabling Octavia for Load Balancer Services
+
+OpenShift supports creating load balancer service types, and ingress controllers with load balancers as a backend using octavia as a day 2 operation. However, there are a few known issues to be aware of:
+* only TCP traffic is supported
+* the floating IPs attached to your Octavia load balancers will not be deleted if you delete your cluster
+* `manage-security-groups` will not work for non-admin tenants
+* `loadBalancerSourceRanges` is currently [not supported](https://bugzilla.redhat.com/show_bug.cgi?id=1980748)
+
+Enabling this service should only be done with non-kuryr deployments as a day 2 operation. To do this, edit the cloud provider config:
+
+```sh
+oc edit configmap -n openshift-config cloud-provider-config
+```
+
+If you are using the `amphora` driver, then you should add this to your cloud provider config:
+
+```
+[LoadBalancer]
+use-octavia = true
+lb-provider = amphora
+```
+
+If you are using the `ovn` driver, then you should add this to your cloud provider config:
+
+```
+[LoadBalancer]
+use-octavia = true
+lb-provider = ovn
+lb-method = SOURCE_IP_PORT
+```
+
+If you have multiple external networks, you need to set `floating-network-id` in your cloud provider config to the one you want FIPs to be created in:
+
+```
+[LoadBalancer]
+use-octavia = true
+lb-provider = amphora
+floating-network-id = < network uuid >
+```
+
+If you are using the OVN driver for Octavia, you will also need to modify the `_ingress_services_tcp` security group rules in the master and worker security groups to have a `remote ip prefix = 0.0.0.0/0`.
+
 ## Reporting Issues
 
 Please see the [Issue Tracker][issues_openstack] for current known issues.