openstack/openstack-helm
Code Issues Proposed changes

Merge "[neutron] Bring in L2 gateway support"

Browse Source
This commit is contained in:
Zuul 2019-07-03 16:47:37 +00:00 committed by Gerrit Code Review
commit 38e3237da4
13 changed files with 235 additions and 0 deletions

22
neutron/templates/bin/_neutron-l2gw-agent.sh.tpl Normal file

@ -0,0 +1,22 @@
#!/bin/bash
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -x
exec neutron-l2gateway-agent \
--config-file=/etc/neutron/neutron.conf \
--config-file=/etc/neutron/l2gw_agent.ini

3
neutron/templates/bin/_neutron-server.sh.tpl

@ -29,6 +29,9 @@ function start () {
{{- if ( has "sriov" .Values.network.backend ) }} \
--config-file /etc/neutron/plugins/ml2/sriov_agent.ini
{{- end }}
{{- if .Values.conf.plugins.l2gateway }} \
--config-file /etc/neutron/l2gw_plugin.ini
{{- end }}
}
function stop () {

2
neutron/templates/configmap-bin.yaml

@ -71,6 +71,8 @@ data:
{{ tuple "bin/_neutron-sriov-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-sriov-agent-init.sh: |
{{ tuple "bin/_neutron-sriov-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-l2gw-agent.sh: |
{{ tuple "bin/_neutron-l2gw-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-server.sh: |
{{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
rabbit-init.sh: |

2
neutron/templates/configmap-etc.yaml

@ -190,10 +190,12 @@ data:
ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }}
ml2_conf_sriov.ini: {{ default ( include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf_sriov | b64enc ) "\"\"" }}
taas.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.taas | b64enc }}
l2gw_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.l2gateway | b64enc) }}
macvtap_agent.ini: {{ default ( include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.macvtap_agent | b64enc ) "\"\"" }}
linuxbridge_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.linuxbridge_agent | b64enc }}
openvswitch_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | b64enc }}
sriov_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.sriov_agent | b64enc }}
l2gw_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.l2gateway_agent | b64enc) }}
dnsmasq.conf: ""
neutron_sudoers: {{ $envAll.Values.conf.neutron_sudoers | b64enc }}
rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}

152
neutron/templates/daemonset-l2gw-agent.yaml Normal file

@ -0,0 +1,152 @@
{{/*
Copyright 2019 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "neutron.l2gw_agent.daemonset" }}
{{- $daemonset := index . 0 }}
{{- $configMapName := index . 1 }}
{{- $serviceAccountName := index . 2 }}
{{- $envAll := index . 3 }}
{{- with $envAll }}
{{- $mounts_neutron_l2gw_agent := .Values.pod.mounts.neutron_l2gw_agent.neutron_l2gw_agent }}
{{- $mounts_neutron_l2gw_agent_init := .Values.pod.mounts.neutron_l2gw_agent.init_container }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: neutron-l2gw-agent
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
selector:
matchLabels:
{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll "l2gw_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
{{ dict "envAll" $envAll "application" "neutron" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.agent.l2gw.node_selector_key }}: {{ .Values.labels.agent.l2gw.node_selector_value }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
shareProcessNamespace: true
{{- else }}
hostPID: true
{{- end }}
initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_l2gw_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: neutron-l2gw-agent
{{ tuple $envAll "neutron_l2gw" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.l2gw | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
privileged: true
readinessProbe:
exec:
command:
- python
- /tmp/health-probe.py
- --config-file
- /etc/neutron/neutron.conf
- --config-file
- /etc/neutron/l2gw_agent.ini
- --agent-queue-name
- l2gateway_agent
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 65
livenessProbe:
exec:
command:
- python
- /tmp/health-probe.py
- --config-file
- /etc/neutron/neutron.conf
- --config-file
- /etc/neutron/l2gw_agent.ini
- --agent-queue-name
- l2gateway_agent
- --liveness-probe
initialDelaySeconds: 120
periodSeconds: 90
timeoutSeconds: 70
command:
- /tmp/neutron-l2gw-agent.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: neutron-bin
mountPath: /tmp/neutron-l2gw-agent.sh
subPath: neutron-l2gw-agent.sh
readOnly: true
- name: neutron-bin
mountPath: /tmp/health-probe.py
subPath: health-probe.py
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf
readOnly: true
{{- if .Values.conf.neutron.DEFAULT.log_config_append }}
- name: neutron-etc
mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
- name: neutron-etc
mountPath: /etc/neutron/l2gw_agent.ini
subPath: l2gw_agent.ini
readOnly: true
{{ if $mounts_neutron_l2gw_agent.volumeMounts }}{{ toYaml $mounts_neutron_l2gw_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: neutron-bin
configMap:
name: neutron-bin
defaultMode: 0555
- name: neutron-etc
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
{{ if $mounts_neutron_l2gw_agent.volumes }}{{ toYaml $mounts_neutron_l2gw_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
{{- if .Values.manifests.daemonset_l2gw_agent }}
{{- $envAll := . }}
{{- $daemonset := "l2gw-agent" }}
{{- $configMapName := "neutron-etc" }}
{{- $serviceAccountName := "neutron-l2gw-agent" }}
{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "l2gateway" -}}
{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.l2gw_agent.daemonset" | toString | fromYaml }}
{{- $configmap_yaml := "neutron.configmap.etc" }}
{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
{{- end }}

6
neutron/templates/deployment-server.yaml

@ -123,6 +123,12 @@ spec:
subPath: taas_plugin.ini
readOnly: true
{{ end }}
{{- if .Values.conf.plugins.l2gateway }}
- name: neutron-etc
mountPath: /etc/neutron/l2gw_plugin.ini
subPath: l2gw_plugin.ini
readOnly: true
{{ end }}
- name: neutron-etc
mountPath: /etc/neutron/api-paste.ini
subPath: api-paste.ini

18
neutron/values.yaml

@ -34,6 +34,7 @@ images:
neutron_dhcp: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
neutron_metadata: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
neutron_l3: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
neutron_l2gw: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
neutron_openvswitch_agent: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
neutron_sriov_agent: docker.io/openstackhelm/neutron:ocata-18.04-sriov
@ -58,6 +59,9 @@ labels:
metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
l2gw:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
@ -134,6 +138,7 @@ dependencies:
service: local_image_registry
targeted:
sriov: {}
l2gateway: {}
openvswitch:
dhcp:
pod:
@ -457,6 +462,11 @@ pod:
neutron_sriov_agent:
volumeMounts:
volumes:
neutron_l2gw_agent:
init_container: null
neutron_l2gw_agent:
volumeMounts:
volumes:
neutron_tests:
init_container: null
neutron_tests:
@ -562,6 +572,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
l2gw:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
server:
requests:
memory: "128Mi"
@ -2064,6 +2081,7 @@ manifests:
daemonset_metadata_agent: true
daemonset_ovs_agent: true
daemonset_sriov_agent: true
daemonset_l2gw_agent: false
deployment_server: true
ingress_server: true
job_bootstrap: true

1
neutron/values_overrides/pike-ubuntu_xenial.yaml

@ -10,6 +10,7 @@ images:
neutron_db_sync: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
neutron_dhcp: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
neutron_l3: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
neutron_l2gw: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
neutron_metadata: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"

1
neutron/values_overrides/queens-ubuntu_xenial.yaml

@ -10,6 +10,7 @@ images:
neutron_db_sync: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
neutron_dhcp: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
neutron_l3: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
neutron_l2gw: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
neutron_metadata: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"

1
neutron/values_overrides/rocky-opensuse_15.yaml

@ -10,6 +10,7 @@ images:
neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
neutron_l3: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
neutron_metadata: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15"

1
neutron/values_overrides/rocky-ubuntu_bionic.yaml

@ -10,6 +10,7 @@ images:
neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
neutron_l3: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
neutron_metadata: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"

1
neutron/values_overrides/rocky-ubuntu_xenial.yaml

@ -10,6 +10,7 @@ images:
neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
neutron_l3: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
neutron_metadata: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"

25
tools/overrides/backends/networking/l2gateway.yaml Normal file

@ -0,0 +1,25 @@
---
conf:
neutron:
DEFAULT:
service_plugins: router, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin
plugins:
l2gateway:
DEFAULT:
quota_l2_gateway: 10
periodic_monitoring_interval: 5
service_providers:
service_provider: L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.rpc_l2gw.L2gwRpcDriver:default
l2gateway_agent:
DEFAULT:
debug: false
ovsdb:
# <ovsdb_name>:<ip address>:<port>[,<ovsdb_name>:<ip address>:<port>]
# - ovsdb_name: a symbolic name that helps identifies keys and certificate files
# - ip address: the address or dns name for the ovsdb server
# - port: the port (ssl is supported)
ovsdb_hosts: ovsdbx:127.0.0.1:6632
socket_timeout: 30
manifests:
daemonset_l2gw_agent: true