From 5bb772cf50ad4d851c564aeb50b10ed64ef38ee0 Mon Sep 17 00:00:00 2001
From: Pete Birley <pete@port.direct>
Date: Thu, 19 Apr 2018 22:34:20 -0500
Subject: [PATCH] Neutron: Enable sharing of network namespaces with host

This PS enables sharing of network namespaces with the host,
allowing for hitless upgrades of agents, and much simpler debugging.

It does, however, require mount propagation to be enabled in Kubernetes,
which is an alpha-gated feature introduced in 1.8, and enabled by default
as a beta feature in 1.10.

Depends-On: I7a37f45ff6061b144c6f04233712cd84fccb3e83
Change-Id: I2a191a343fe637cbfd9e4af5277f9784af736dd1
---
 neutron/templates/daemonset-dhcp-agent.yaml     | 10 ++++++++++
 neutron/templates/daemonset-l3-agent.yaml       | 10 ++++++++++
 neutron/templates/daemonset-metadata-agent.yaml | 10 ++++++++++
 neutron/values.yaml                             |  4 ++++
 4 files changed, 34 insertions(+)

diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
index ab98e341a8..5cba9f0e1a 100644
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@@ -113,6 +113,11 @@ spec:
             {{- end }}
             - name: socket
               mountPath: /var/lib/neutron/openstack-helm
+            {{- if .Values.network.share_namespaces }}
+            - name: host-run-netns
+              mountPath: /run/netns
+              mountPropagation: Bidirectional
+            {{- end }}
 {{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }}
       volumes:
         - name: neutron-bin
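Review bot: The added `host-run-netns` mount sets `mountPropagation: Bidirectional`, which Kubernetes only permits for privileged containers, and the container's `securityContext` is outside this hunk, so confirm the dhcp agent runs privileged; otherwise the pod is expected to fail validation when `share_namespaces` is on. Bidirectional also means any mount created under `/run/netns` inside the container appears on the host and in every other pod sharing that path, which deserves a comment at the mount, e.g. `# Bidirectional: mounts created here propagate to the host; requires a privileged container`. The same applies to the matching volumeMounts hunks in daemonset-l3-agent.yaml and daemonset-metadata-agent.yaml.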
@@ -131,6 +136,11 @@ spec:
         - name: socket
           hostPath:
             path: /var/lib/neutron/openstack-helm
+        {{- if .Values.network.share_namespaces }}
+        - name: host-run-netns
+          hostPath:
+            path: /run/netns
+        {{- end }}
 {{ if $mounts_neutron_dhcp_agent.volumes }}{{ toYaml $mounts_neutron_dhcp_agent.volumes | indent 8 }}{{ end }}
 {{- end }}
 {{- end }}
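Review bot: The `host-run-netns` hostPath volume declares no `type`, so nothing checks that `/run/netns` exists on the node or is a directory before it is mounted into the agent. Adding `type: DirectoryOrCreate` (or `type: Directory` if the host is expected to provide it) under `path: /run/netns` makes that expectation explicit. The volumes hunks in daemonset-l3-agent.yaml and daemonset-metadata-agent.yaml have the same gap.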
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
index bacbe04cf5..e05e0be550 100644
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@@ -112,6 +112,11 @@ spec:
               readOnly: true
             - name: socket
               mountPath: /var/lib/neutron/openstack-helm
+            {{- if .Values.network.share_namespaces }}
+            - name: host-run-netns
+              mountPath: /run/netns
+              mountPropagation: Bidirectional
+            {{- end }}
 {{ if $mounts_neutron_l3_agent.volumeMounts }}{{ toYaml $mounts_neutron_l3_agent.volumeMounts | indent 12 }}{{ end }}
       volumes:
         - name: neutron-bin
@@ -133,6 +138,11 @@ spec:
         - name: socket
           hostPath:
             path: /var/lib/neutron/openstack-helm
+        {{- if .Values.network.share_namespaces }}
+        - name: host-run-netns
+          hostPath:
+            path: /run/netns
+        {{- end }}
 {{ if $mounts_neutron_l3_agent.volumes }}{{ toYaml $mounts_neutron_l3_agent.volumes | indent 8 }}{{ end }}
 {{- end }}
 {{- end }}
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
index 32dc87ac2b..1dc92a2d54 100644
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@@ -127,6 +127,11 @@ spec:
             {{- end }}
             - name: socket
               mountPath: /var/lib/neutron/openstack-helm
+            {{- if .Values.network.share_namespaces }}
+            - name: host-run-netns
+              mountPath: /run/netns
+              mountPropagation: Bidirectional
+            {{- end }}
 {{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }}
       volumes:
         - name: neutron-bin
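Review bot: The metadata agent receives the same writable `/run/netns` mount with `mountPropagation: Bidirectional` as the dhcp and l3 agents, but nothing in this hunk shows that it creates namespaces itself. If it only needs to see namespaces created by the other agents or the host, `mountPropagation: HostToContainer` would give it the narrower access; if it needs none, the mount can be dropped from this daemonset. This should be confirmed against what the agent actually does, since that is not visible here.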
@@ -145,6 +150,11 @@ spec:
         - name: socket
           hostPath:
             path: /var/lib/neutron/openstack-helm
+        {{- if .Values.network.share_namespaces }}
+        - name: host-run-netns
+          hostPath:
+            path: /run/netns
+        {{- end }}
 {{ if $mounts_neutron_metadata_agent.volumes }}{{ toYaml $mounts_neutron_metadata_agent.volumes | indent 8 }}{{ end }}
 {{- end }}
 {{- end }}
diff --git a/neutron/values.yaml b/neutron/values.yaml
index a32bcda126..61d8238771 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -80,6 +80,10 @@ network:
   # possible options: openvswitch, linuxbridge, sriov
   backend:
     - openvswitch
+  # NOTE(Portdirect): Share network namespaces with the host,
+  # allowing agents to be restarted without packet loss and simpler
+  # debugging. This feature requires mount propagation support.
+  share_namespaces: true
   external_bridge: br-ex
   ip_address: 0.0.0.0
   interface:
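Review bot: `share_namespaces: true` turns the host `/run/netns` mount on by default, although the commit message says mount propagation is alpha-gated in Kubernetes 1.8 and only enabled by default from 1.10. A default of `share_namespaces: false` would keep host sharing opt-in. Otherwise the comment should state the requirement, e.g. `# Requires Kubernetes >= 1.10, or the MountPropagation feature gate on 1.8/1.9.`, and say that the agents get the host's `/run/netns` with bidirectional propagation. The `network:` mapping continues outside the hunk.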